CVE-2025-43929

Summary

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Affected Software

VendorProductVersion RangeStatus
kitty projectkitty0 < 0.41.0affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References