CVE-2025-27423, a critical vulnerability identified in the Vim text editor, poses a high-severity threat by enabling arbitrary code execution through maliciously crafted TAR archives. The flaw affects Vim versions prior to 9.1.1164, in which an input validation failure in the tar.vim plugin can lead to command injection. The impact extends from individual users to broader development and production environments, potentially affecting CI/CD pipelines and automated system processes. Exploitation requires user interaction, such as opening a malicious TAR file, and puts both local and system-wide security at risk.
Source: https://cybersecuritynews.com/vim-editor-vulnerability-exploited/
"id": "get456030525",
"linkid": "getvim",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"