Shell Command Injection in Vim's Tar.vim Plugin
CVE-2025-27423

7.1 HIGH

Key Information:

Vendor: Vim

Status: Vendor

CVE Published: 3 March 2025

Badges

📈 Score: 1,240
👾 Exploit Exists
📰 News Worthy

What is CVE-2025-27423?

CVE-2025-27423 is a vulnerability in Vim, the open-source command-line text editor widely used for its efficiency and versatility in text manipulation and coding. The flaw resides in the bundled tar.vim plugin, which lets users view and edit the contents of tar archives. The plugin invokes the ":read" ex command with input taken from the tar archive without properly sanitizing it. A crafted archive can therefore cause arbitrary shell commands to run with the privileges of the user who opened it, which is a serious risk for organizations whose users open untrusted archives in Vim.

Technical Details

The vulnerability is triggered by the tar.vim plugin's use of the ":read" ex command and was introduced in Vim 9.1.0858. When a specially crafted tar archive is opened, the plugin appends the extracted content below the cursor position without sanitizing the input it takes from the archive. As a result, malicious content embedded in the tar file can be executed by the shell Vim uses for external commands, which defaults to the user's $SHELL environment variable. The risk is highest where Vim's 'shell' option points at a shell that interprets the injected input. The issue is fixed in Vim patch 9.1.1164.
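Two defensive checks follow from the details above: whether an installed Vim predates patch 9.1.1164, and whether an archive about to be opened in Vim carries member names containing shell metacharacters. The script below is an added example written for this page, not code from Vim or the tar.vim plugin. It assumes the unsanitized input is the archive member name (the advisory does not say which field is affected) and parses the banner format of `vim --version` ("VIM - Vi IMproved 9.1 ..." followed by "Included patches: 1-1164"); the sample archive it builds is constructed in memory.

```python
import io
import re
import tarfile

# Fix version stated in the advisory: Vim patch 9.1.1164.
FIXED_VERSION = (9, 1, 1164)

# Characters that a shell would interpret if a member name were passed to it
# unquoted. Heuristic list chosen for this example, not taken from Vim.
SHELL_META = re.compile(r"[;&|`$<>(){}\[\]*?!\\\"'\n\r]")


def vim_version(version_output: str):
    """Parse `vim --version` output into (major, minor, patch).

    Vim prints a banner such as
        VIM - Vi IMproved 9.1 (2024 Jan 02, compiled ...)
        Included patches: 1-1164
    The patch level is the highest number in the "Included patches" ranges.
    Returns None when the text is not a Vim version banner.
    """
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", version_output)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    patch = 0
    p = re.search(r"Included patches:\s*([\d\-, ]+)", version_output)
    if p:
        nums = re.findall(r"\d+", p.group(1))
        if nums:
            patch = int(nums[-1])
    return (major, minor, patch)


def is_affected(version_output: str) -> bool:
    """True when the installed Vim predates the CVE-2025-27423 fix."""
    v = vim_version(version_output)
    if v is None:
        # Unknown build: treat as unpatched until proven otherwise.
        return True
    return v < FIXED_VERSION


def suspicious_members(tar_bytes: bytes):
    """Return the member names in an archive that contain shell metacharacters.

    Only the names are inspected; no member content is extracted.
    """
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if SHELL_META.search(member.name):
                flagged.append(member.name)
    return flagged


def build_sample_tar() -> bytes:
    """Constructed sample archive: one ordinary name, one with a ';' in it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("notes/readme.txt", "notes/a;b.txt"):
            data = b"sample content\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    import subprocess

    try:
        banner = subprocess.run(["vim", "--version"], capture_output=True,
                                text=True, check=False).stdout
        print("installed vim:", vim_version(banner),
              "affected" if is_affected(banner) else "patched")
    except FileNotFoundError:
        print("vim not found on PATH")
    print("flagged members in sample archive:", suspicious_members(build_sample_tar()))
```

On a host that cannot be updated immediately, the plugin itself can be kept from loading by setting `let g:loaded_tarPlugin = 1` in the user's vimrc, which is the guard variable tar.vim checks before defining its autocommands; the version check above then confirms when the real fix has landed.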

Potential impact of CVE-2025-27423

  1. Arbitrary Code Execution: An attacker who gets a victim to open a crafted tar archive in Vim could execute arbitrary shell commands on the victim's machine.

  2. Data Compromise: Successful exploitation may lead to unauthorized access to sensitive data, allowing attackers to manipulate or exfiltrate information from the system.

  3. System Integrity Threats: Executing malicious code can compromise the integrity of the system, potentially allowing further infections, the installation of backdoors, or lateral movement within networks to target additional systems.

Affected Version(s)

vim < 9.1.1164

News Articles

Vim Vulnerability (CVE-2025-27423) Allows Code Execution via Malicious TAR Archives

A high-severity security flaw in the widely used Vim text editor allows attackers to execute arbitrary code on vulnerable systems.

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability reserved
