Description

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164

INFO

Published Date :

2025-03-03T16:30:19.752Z

Last Modified :

2025-05-02T23:03:02.425Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27423 vulnerability.

Vendors Products
Netapp
  • Hci Compute Node
Vim
  • Vim
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27423.

URL Resource
https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29 cve-icon cve-icon cve-icon
https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399 cve-icon cve-icon cve-icon
https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-27423 cve-icon
https://security.netapp.com/advisory/ntap-20250502-0002/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-27423 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact