Summary: A newly discovered vulnerability in the Vim text editor allows attackers to execute arbitrary code through maliciously crafted tar files. The flaw, tracked as CVE-2025-27423, originates from a recent update to the tar.vim plugin that failed to properly sanitize filenames. Users are urged to update to the patched version to mitigate risks associated with this security vulnerability.
Affected: Vim text editor
Key points:
- The vulnerability allows execution of arbitrary shell commands by exploiting the tar.vim plugin.
- The flaw has a CVSS severity score of 7.1, classified as high risk.
- A fix is available in Vim version 9.1.1164; users should update immediately.