vulnerability
FreeBSD: VID-2ec7816d-fdb7-11ef-91ff-b42e991fc52e (CVE-2025-27423): vim -- Improper Input Validation in Vim
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:C/I:C/A:N) | Mar 10, 2025 | Mar 12, 2025 | Dec 10, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published
Mar 10, 2025
Added
Mar 12, 2025
Modified
Dec 10, 2025
Description
[email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shellcommands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL).
Solutions
freebsd-upgrade-package-vimfreebsd-upgrade-package-vim-gtk2freebsd-upgrade-package-vim-gtk3freebsd-upgrade-package-vim-motiffreebsd-upgrade-package-vim-tinyfreebsd-upgrade-package-vim-x11
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.