MidnightBSD

Advisories for kovidgoyal

CVE-2025-43929

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| cve@mitre.org | 4.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.0 | 2.7 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| kovidgoyal | kitty | * |