CVE Alert: CVE-2025-27423
Vulnerability Summary: CVE-2025-27423
Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the “:read” ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used (‘shell’ option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164
Affected Endpoints:
No affected endpoints listed.
Published Date:
3/3/2025, 5:15:15 PM
🔥 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29
- https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399
- https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
