CVE-2025-27423

Published: Mar 3, 2025

Modified: May 2, 2025

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164

Vendor	Product	Versions
vim	vim	affected `< 9.1.1164`

Weaknesses (CWE)

CWE-77

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3

x_refsource_CONFIRM

https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29

x_refsource_MISC

https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-27423

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References