AI description
CVE-2025-27423 is a vulnerability found in the tar.vim plugin, bundled with the Vim text editor. This flaw allows potential attackers to execute arbitrary code on a victim's system. The attack vector involves specially crafted TAR archives. When a user opens such a malicious TAR file within Vim, embedded commands within the filenames can be executed. This vulnerability affects Vim versions 9.1.0858 through 9.1.1163. A patch addressing this issue was released in Vim version 9.1.1164 on March 2, 2025. Users of affected Vim versions are strongly encouraged to update to the patched version to mitigate the risk of exploitation.
- Description
- Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, which allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position; however, the file name is not sanitized and is taken literally from the tar archive. This allows shell commands to be executed via specially crafted tar archives. Whether this really happens depends on the shell being used (the 'shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-77
- Hype score
- Not currently trending
Attention Linux users: a new vulnerability with the identifier CVE-2025-27423 has recently been published for the vim tool. The cause of the vulnerability is a plugin named Vim.tar, which enables the tool to open tar files. https://t.co/Poz3aKYxT1 https://t.co/IHAOXqgcKe
@AmirHossein_sec
9 Mar 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A new vulnerability with the identifier CVE-2025-27423 has recently been published for the vim tool. The cause of the vulnerability is a plugin named Vim.tar, which enables the tool to open tar files. By sending an infected tar file, hackers cause vim to be exploited and code to be executed on the vulnerable system.
@cybernetic_cy
8 Mar 2025
86 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
High-risk vulnerability in Vim's tar.vim plugin (CVE-2025-27423). Please update according to the latest information. #セキュリティ対策Lab #セキュリティ #Security https://t.co/B7dTq8GT5H
@securityLab_jp
6 Mar 2025
30 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Vim's tar.vim plugin (CVE-2025-27423) allows arbitrary code execution via crafted tar files. Update to version 9.1.1164 to stay secure. ⚠️ #VimEditor #OpenSource #USA link: https://t.co/gRgDj6gLMn https://t.co/cfqx4h5iiK
@TweetThreatNews
5 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning for Vim users: crafted TAR files could trigger code execution (CVE-2025-27423) https://t.co/eXxuv0ntMM https://t.co/HHSAxFvskE
@elhackernet
5 Mar 2025
3281 Impressions
18 Retweets
34 Likes
4 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability Alert: Vim Code Execution Vulnerability 📅 Timeline: Disclosure: 2025-03-01, Patch: 2025-03-04 📌 Attribution: Not specified 🆔 CVE ID: CVE-2025-27423 📊 Base Score: 7.1 📏 CVSS Metrics: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N CVSS Severity: High 🟠 🛠️
@syedaquib77
5 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vim Vulnerability (CVE-2025-27423) Allows Code Execution via Malicious TAR Archives #JustUnsecure #AFrihackbox https://t.co/Z38Hq3XPVA
@afrihackbox
5 Mar 2025
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
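With CVE-2025-27423, a vulnerability in the Vim text editor, arbitrary code is executed when the tar.vim plugin handles a malicious tar file. This vulnerability, fixed in March 2025, arises because the tar.vim plugin builds system command strings without sanitizing file names extracted from archive metadata.… https://t.co/ilw3Z1Zy2T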
@yousukezan
5 Mar 2025
1587 Impressions
5 Retweets
9 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-27423 🔴 HIGH (7.1) 🏢 vim - vim 🏗️ < 9.1.1164 🔗 https://t.co/O3Ncy2PeAL 🔗 https://t.co/kv2bfK2ykx 🔗 https://t.co/HSx1zTlsCc #CyberCron #VulnAlert #InfoSec https://t.co/I9EYg7Iah5
@cybercronai
5 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vim Users Warned: Crafted TAR Files Could Trigger Code Execution (CVE-2025-27423) https://t.co/erXLtuhM4Y
@Dinosn
5 Mar 2025
4444 Impressions
33 Retweets
88 Likes
25 Bookmarks
1 Reply
2 Quotes
Vim Users Warned: Crafted TAR Files Could Trigger Code Execution (CVE-2025-27423) Explore CVE-2025-27423, a Vim vulnerability that allows arbitrary code execution. Learn how to protect your systems. https://t.co/CRK6b44Fqr
@the_yellow_fall
5 Mar 2025
973 Impressions
7 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-27423 Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar … https://t.co/i0xRbOW7hg
@CVEnew
4 Mar 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes