Description
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
kitty | fixed | 0.41.1-1 | | package |
kitty | not-affected | | bullseye | package |
Notes
https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35 (v0.41.0)
PoC: https://github.com/0xBenCantCode/CVE-2025-43929
Vulnerable code introduced with: https://github.com/kovidgoyal/kitty/commit/1454af2d416f0eb738c2268ee3297cacb0215dd0 (v0.24.2)