High-severity vulnerability in kitty that allows local executables to be run without user confirmation under certain circumstances.

0xBenCantCode/CVE-2025-43929

CVE-2025-43929

Proof-of-concept for CVE-2025-43929, a high-severity vulnerability in kitty that allows local executables to be run without user confirmation under certain circumstances.

Vulnerability Type

CWE-346: Origin Validation Error

Vulnerability Description

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
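The kind of check the description says was missing, as an added sketch that is not kitty's code or its actual fix: before acting on a link, decide whether it resolves to a local executable file and, if so, require an explicit user decision. The names `needs_confirmation`, `handle_open` and `ask_user` are hypothetical, the sample files are constructed, and POSIX permission bits are assumed.

```python
import os
import stat
import tempfile
from urllib.parse import quote, unquote, urlparse


def needs_confirmation(url: str) -> bool:
    """True when url resolves to a local regular file with any execute bit set."""
    parts = urlparse(url)
    if parts.scheme not in ("", "file"):
        return False  # other schemes are outside this sketch
    if parts.netloc not in ("", "localhost"):
        return False  # file URL naming another host: not a local path
    try:
        # os.stat follows symlinks, so a link to an executable is caught too
        mode = os.stat(unquote(parts.path)).st_mode
    except OSError:
        return False  # missing or unreadable target: nothing to execute
    return stat.S_ISREG(mode) and bool(mode & 0o111)


def handle_open(url: str, ask_user) -> str:
    """Gate execution on an explicit user decision; ask_user is a callback."""
    if needs_confirmation(url):
        return "run" if ask_user(url) else "blocked"
    return "open"


def demo() -> dict:
    """Constructed sample: one executable script and one plain text file."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "run me.sh")
        note = os.path.join(d, "notes.txt")
        for path, mode in ((script, 0o755), (note, 0o644)):
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n" if path == script else "hello\n")
            os.chmod(path, mode)
        deny = lambda _url: False  # user answers "no" at the prompt
        return {
            "script": handle_open("file://" + quote(script), deny),
            "note": handle_open("file://" + quote(note), deny),
            "web": handle_open("https://example.invalid/", deny),
        }


if __name__ == "__main__":
    print(demo())
```

The decision is made on the resolved file's mode rather than its name or extension, so a link to an extensionless or symlinked executable is still gated.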

Vulnerability Demo

demo.mp4
