{"id":"CVE-2025-27423","summary":"Improper Input Validation in Vim","details":"Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, which allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the \":read\" ex command line to append below the cursor position; however, the input is not sanitized and is taken literally from the tar archive. This allows shell commands to be executed via specially crafted tar archives. Whether this really happens depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164.","aliases":["GHSA-wfmf-8626-q3r3"],"modified":"2026-04-17T10:36:21.375987Z","published":"2025-03-03T16:30:19.752Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27423.json","cwe_ids":["CWE-77"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27423.json"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27423"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250502-0002/"},{"type":"FIX","url":"https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29"},{"type":"FIX","url":"https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vim/vim","events":[{"introduced":"002ccbfac4ab0b052f4d547ea4c4ffbf212e4592"},{"fixed":"334a13bff78aa0ad206bc436885f63e3a0bab399"},{"fixed":"129a8446d23cd9cb4445fcfea259cba5e0487d29"}],"database_specific":{"versions":[{"introduced":"9.1.0858"},{"fixed":"9.1.1164"}]}}],"versions":["v9.1.0858","v9.1.0859","v9.1.0860","v9.1.0861","v9.1.0862","v9.1.0863","v9.1.0864","v9.1.0865","v9.1.0866","v9.
1.0867","v9.1.0868","v9.1.0869","v9.1.0870","v9.1.0871","v9.1.0872","v9.1.0873","v9.1.0874","v9.1.0875","v9.1.0876","v9.1.0877","v9.1.0878","v9.1.0879","v9.1.0880","v9.1.0881","v9.1.0882","v9.1.0883","v9.1.0884","v9.1.0885","v9.1.0886","v9.1.0887","v9.1.0888","v9.1.0889","v9.1.0890","v9.1.0891","v9.1.0892","v9.1.0893","v9.1.0894","v9.1.0895","v9.1.0896","v9.1.0897","v9.1.0898","v9.1.0899","v9.1.0900","v9.1.0901","v9.1.0902","v9.1.0903","v9.1.0904","v9.1.0905","v9.1.0906","v9.1.0907","v9.1.0908","v9.1.0909","v9.1.0910","v9.1.0911","v9.1.0912","v9.1.0913","v9.1.0914","v9.1.0915","v9.1.0916","v9.1.0917","v9.1.0918","v9.1.0919","v9.1.0920","v9.1.0921","v9.1.0922","v9.1.0923","v9.1.0924","v9.1.0925","v9.1.0926","v9.1.0927","v9.1.0928","v9.1.0929","v9.1.0930","v9.1.0931","v9.1.0932","v9.1.0933","v9.1.0934","v9.1.0935","v9.1.0936","v9.1.0937","v9.1.0938","v9.1.0939","v9.1.0940","v9.1.0941","v9.1.0942","v9.1.0943","v9.1.0944","v9.1.0945","v9.1.0946","v9.1.0947","v9.1.0948","v9.1.0949","v9.1.0950","v9.1.0951","v9.1.0952","v9.1.0953","v9.1.0954","v9.1.0955","v9.1.0956","v9.1.0957","v9.1.0958","v9.1.0959","v9.1.0960","v9.1.0961","v9.1.0962","v9.1.0963","v9.1.0964","v9.1.0965","v9.1.0966","v9.1.0967","v9.1.0968","v9.1.0969","v9.1.0970","v9.1.0971","v9.1.0972","v9.1.0973","v9.1.0974","v9.1.0975","v9.1.0976","v9.1.0977","v9.1.0978","v9.1.0979","v9.1.0980","v9.1.0981","v9.1.0982","v9.1.0983","v9.1.0984","v9.1.0985","v9.1.0986","v9.1.0987","v9.1.0988","v9.1.0989","v9.1.0990","v9.1.0991","v9.1.0992","v9.1.0993","v9.1.0994","v9.1.0995","v9.1.0996","v9.1.0997","v9.1.0998","v9.1.0999","v9.1.1000","v9.1.1001","v9.1.1002","v9.1.1003","v9.1.1004","v9.1.1005","v9.1.1006","v9.1.1007","v9.1.1008","v9.1.1009","v9.1.1010","v9.1.1011","v9.1.1012","v9.1.1013","v9.1.1014","v9.1.1015","v9.1.1016","v9.1.1017","v9.1.1018","v9.1.1019","v9.1.1020","v9.1.1021","v9.1.1022","v9.1.1023","v9.1.1024","v9.1.1025","v9.1.1026","v9.1.1027","v9.1.1028","v9.1.1029","v9.1.1030","v9.1.1031","v9.1.1032","v9.1.1033",
"v9.1.1034","v9.1.1035","v9.1.1036","v9.1.1037","v9.1.1038","v9.1.1039","v9.1.1040","v9.1.1041","v9.1.1042","v9.1.1043","v9.1.1044","v9.1.1045","v9.1.1046","v9.1.1047","v9.1.1048","v9.1.1049","v9.1.1050","v9.1.1051","v9.1.1052","v9.1.1053","v9.1.1054","v9.1.1055","v9.1.1056","v9.1.1057","v9.1.1058","v9.1.1059","v9.1.1060","v9.1.1061","v9.1.1062","v9.1.1063","v9.1.1064","v9.1.1065","v9.1.1066","v9.1.1067","v9.1.1068","v9.1.1069","v9.1.1070","v9.1.1071","v9.1.1072","v9.1.1073","v9.1.1074","v9.1.1075","v9.1.1076","v9.1.1077","v9.1.1078","v9.1.1079","v9.1.1080","v9.1.1081","v9.1.1082","v9.1.1083","v9.1.1084","v9.1.1085","v9.1.1086","v9.1.1087","v9.1.1088","v9.1.1089","v9.1.1090","v9.1.1091","v9.1.1092","v9.1.1093","v9.1.1094","v9.1.1095","v9.1.1096","v9.1.1097","v9.1.1098","v9.1.1099","v9.1.1100","v9.1.1101","v9.1.1102","v9.1.1103","v9.1.1104","v9.1.1105","v9.1.1106","v9.1.1107","v9.1.1108","v9.1.1109","v9.1.1110","v9.1.1111","v9.1.1112","v9.1.1113","v9.1.1114","v9.1.1115","v9.1.1116","v9.1.1117","v9.1.1118","v9.1.1119","v9.1.1120","v9.1.1121","v9.1.1122","v9.1.1123","v9.1.1124","v9.1.1125","v9.1.1126","v9.1.1127","v9.1.1128","v9.1.1129","v9.1.1130","v9.1.1131","v9.1.1132","v9.1.1133","v9.1.1134","v9.1.1135","v9.1.1136","v9.1.1137","v9.1.1138","v9.1.1139","v9.1.1140","v9.1.1141","v9.1.1142","v9.1.1143","v9.1.1144","v9.1.1145","v9.1.1146","v9.1.1147","v9.1.1148","v9.1.1149","v9.1.1150","v9.1.1151","v9.1.1152","v9.1.1153","v9.1.1154","v9.1.1155","v9.1.1156","v9.1.1157","v9.1.1158","v9.1.1159","v9.1.1160","v9.1.1161","v9.1.1162","v9.1.1163"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/version.c"},"source":"https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399","deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["146200493773228420153804765641940418619","54069080228710742106500088696143742559","165648928382473796051573239069931743373","287972549147640933965742538228768810044"],"threshold":0.9}
,"id":"CVE-2025-27423-08c35938"}],"vanir_signatures_modified":"2026-04-17T10:36:21Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27423.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}