#Ry0taK

2025-03-06

A newly discovered security vulnerability in the Vim text editor, identified as CVE-2025-27423, poses a serious risk for users. This flaw, found in Vim’s tar.vim plugin, could allow attackers to gain control of a user’s computer if a malicious TAR file is opened.

Vim’s tar.vim plugin is designed to help users view and edit TAR files (a type of compressed archive) directly in the text editor. Unfortunately, a recent update introduced an issue where filenames within these TAR files were not adequately checked or "sanitized." Cybercriminals can exploit this by crafting a specially designed TAR file to execute harmful commands on a victim's computer once the file is opened in Vim.

github.com/vim/vim/security/ad

#cybersecurity #vulnerability #vim #tar #plugin #cve #code_execution #Ry0taK
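A pre-open check for the issue described above, as an added example that is not part of the original post or of Vim's code: it lists archive member names without extracting anything and flags those that fall outside a conservative allow-list. The allow-list, the leading-dash rule, and the sample names are assumptions; the post does not say which characters tar.vim failed to escape.

```python
import io
import re
import tarfile

# Assumption: conservative allow-list of filename characters. The post does
# not state which characters the plugin mishandled, so anything else is flagged.
SAFE_NAME = re.compile(r"[A-Za-z0-9._/+@=-]+")


def suspicious_members(fileobj):
    """Return (name, reason) pairs for member names that deserve review."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:  # iterates headers only; nothing is extracted
            name = member.name
            if not SAFE_NAME.fullmatch(name):
                bad = sorted({c for c in name if not SAFE_NAME.fullmatch(c)})
                findings.append((name, "unexpected characters: " + repr("".join(bad))))
            elif name.startswith("-"):
                # Assumption: also flag names a command line could read as an option.
                findings.append((name, "leading '-' can be read as an option"))
    return findings


def build_sample():
    """Constructed in-memory archive with one ordinary and two flagged names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "notes;x.txt", "-rf.txt"):
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample()):
        print(f"{name!r}: {reason}")
```

The same function accepts any seekable file object, so it can be run against an untrusted archive before the file is opened in an editor that has not yet been updated.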
