CVE-2025-27423

Source
https://cve.org/CVERecord?id=CVE-2025-27423
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27423.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27423
Aliases
  • GHSA-wfmf-8626-q3r3
Downstream
Related
Published
2025-03-03T16:30:19.752Z
Modified
2026-03-03T01:23:29.603328Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Improper Input Validation in Vim
Details

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, which allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position; however, the argument it is given is not sanitized and is taken literally from the tar archive. This allows shell commands to be executed via specially crafted tar archives. Whether this really happens depends on the shell being used (the 'shell' option, which is set from $SHELL). The issue has been fixed as of Vim patch v9.1.1164.

Database specific
{
    "cwe_ids": [
        "CWE-77"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27423.json"
}
References

Affected packages

Git / github.com/vim/vim

Affected ranges

Type
GIT
Repo
https://github.com/vim/vim
Events

Affected versions

v9.*
v9.1.0858
v9.1.0859
v9.1.0860
v9.1.0861
v9.1.0862
v9.1.0863
v9.1.0864
v9.1.0865
v9.1.0866
v9.1.0867
v9.1.0868
v9.1.0869
v9.1.0870
v9.1.0871
v9.1.0872
v9.1.0873
v9.1.0874
v9.1.0875
v9.1.0876
v9.1.0877
v9.1.0878
v9.1.0879
v9.1.0880
v9.1.0881
v9.1.0882
v9.1.0883
v9.1.0884
v9.1.0885
v9.1.0886
v9.1.0887
v9.1.0888
v9.1.0889
v9.1.0890
v9.1.0891
v9.1.0892
v9.1.0893
v9.1.0894
v9.1.0895
v9.1.0896
v9.1.0897
v9.1.0898
v9.1.0899
v9.1.0900
v9.1.0901
v9.1.0902
v9.1.0903
v9.1.0904
v9.1.0905
v9.1.0906
v9.1.0907
v9.1.0908
v9.1.0909
v9.1.0910
v9.1.0911
v9.1.0912
v9.1.0913
v9.1.0914
v9.1.0915
v9.1.0916
v9.1.0917
v9.1.0918
v9.1.0919
v9.1.0920
v9.1.0921
v9.1.0922
v9.1.0923
v9.1.0924
v9.1.0925
v9.1.0926
v9.1.0927
v9.1.0928
v9.1.0929
v9.1.0930
v9.1.0931
v9.1.0932
v9.1.0933
v9.1.0934
v9.1.0935
v9.1.0936
v9.1.0937
v9.1.0938
v9.1.0939
v9.1.0940
v9.1.0941
v9.1.0942
v9.1.0943
v9.1.0944
v9.1.0945
v9.1.0946
v9.1.0947
v9.1.0948
v9.1.0949
v9.1.0950
v9.1.0951
v9.1.0952
v9.1.0953
v9.1.0954
v9.1.0955
v9.1.0956
v9.1.0957
v9.1.0958
v9.1.0959
v9.1.0960
v9.1.0961
v9.1.0962
v9.1.0963
v9.1.0964
v9.1.0965
v9.1.0966
v9.1.0967
v9.1.0968
v9.1.0969
v9.1.0970
v9.1.0971
v9.1.0972
v9.1.0973
v9.1.0974
v9.1.0975
v9.1.0976
v9.1.0977
v9.1.0978
v9.1.0979
v9.1.0980
v9.1.0981
v9.1.0982
v9.1.0983
v9.1.0984
v9.1.0985
v9.1.0986
v9.1.0987
v9.1.0988
v9.1.0989
v9.1.0990
v9.1.0991
v9.1.0992
v9.1.0993
v9.1.0994
v9.1.0995
v9.1.0996
v9.1.0997
v9.1.0998
v9.1.0999
v9.1.1000
v9.1.1001
v9.1.1002
v9.1.1003
v9.1.1004
v9.1.1005
v9.1.1006
v9.1.1007
v9.1.1008
v9.1.1009
v9.1.1010
v9.1.1011
v9.1.1012
v9.1.1013
v9.1.1014
v9.1.1015
v9.1.1016
v9.1.1017
v9.1.1018
v9.1.1019
v9.1.1020
v9.1.1021
v9.1.1022
v9.1.1023
v9.1.1024
v9.1.1025
v9.1.1026
v9.1.1027
v9.1.1028
v9.1.1029
v9.1.1030
v9.1.1031
v9.1.1032
v9.1.1033
v9.1.1034
v9.1.1035
v9.1.1036
v9.1.1037
v9.1.1038
v9.1.1039
v9.1.1040
v9.1.1041
v9.1.1042
v9.1.1043
v9.1.1044
v9.1.1045
v9.1.1046
v9.1.1047
v9.1.1048
v9.1.1049
v9.1.1050
v9.1.1051
v9.1.1052
v9.1.1053
v9.1.1054
v9.1.1055
v9.1.1056
v9.1.1057
v9.1.1058
v9.1.1059
v9.1.1060
v9.1.1061
v9.1.1062
v9.1.1063
v9.1.1064
v9.1.1065
v9.1.1066
v9.1.1067
v9.1.1068
v9.1.1069
v9.1.1070
v9.1.1071
v9.1.1072
v9.1.1073
v9.1.1074
v9.1.1075
v9.1.1076
v9.1.1077
v9.1.1078
v9.1.1079
v9.1.1080
v9.1.1081
v9.1.1082
v9.1.1083
v9.1.1084
v9.1.1085
v9.1.1086
v9.1.1087
v9.1.1088
v9.1.1089
v9.1.1090
v9.1.1091
v9.1.1092
v9.1.1093
v9.1.1094
v9.1.1095
v9.1.1096
v9.1.1097
v9.1.1098
v9.1.1099
v9.1.1100
v9.1.1101
v9.1.1102
v9.1.1103
v9.1.1104
v9.1.1105
v9.1.1106
v9.1.1107
v9.1.1108
v9.1.1109
v9.1.1110
v9.1.1111
v9.1.1112
v9.1.1113
v9.1.1114
v9.1.1115
v9.1.1116
v9.1.1117
v9.1.1118
v9.1.1119
v9.1.1120
v9.1.1121
v9.1.1122
v9.1.1123
v9.1.1124
v9.1.1125
v9.1.1126
v9.1.1127
v9.1.1128
v9.1.1129
v9.1.1130
v9.1.1131
v9.1.1132
v9.1.1133
v9.1.1134
v9.1.1135
v9.1.1136
v9.1.1137
v9.1.1138
v9.1.1139
v9.1.1140
v9.1.1141
v9.1.1142
v9.1.1143
v9.1.1144
v9.1.1145
v9.1.1146
v9.1.1147
v9.1.1148
v9.1.1149
v9.1.1150
v9.1.1151
v9.1.1152
v9.1.1153
v9.1.1154
v9.1.1155
v9.1.1156
v9.1.1157
v9.1.1158
v9.1.1159
v9.1.1160
v9.1.1161
v9.1.1162
v9.1.1163

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27423.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "146200493773228420153804765641940418619",
                "54069080228710742106500088696143742559",
                "165648928382473796051573239069931743373",
                "287972549147640933965742538228768810044"
            ]
        },
        "source": "https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399",
        "signature_type": "Line",
        "id": "CVE-2025-27423-08c35938",
        "target": {
            "file": "src/version.c"
        }
    }
]