vulnerability
FreeBSD: VID-2ec7816d-fdb7-11ef-91ff-b42e991fc52e (CVE-2025-27423): vim -- Improper Input Validation in Vim
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:C/I:C/A:N) | Mar 10, 2025 | Mar 12, 2025 | Mar 25, 2026 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published
Mar 10, 2025
Added
Mar 12, 2025
Modified
Mar 25, 2026
Description
[email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shellcommands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL).
Solutions
freebsd-upgrade-package-vimfreebsd-upgrade-package-vim-gtk2freebsd-upgrade-package-vim-gtk3freebsd-upgrade-package-vim-motiffreebsd-upgrade-package-vim-tinyfreebsd-upgrade-package-vim-x11
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.