CVE-2025-43929

MEDIUM

kitty < 0.41.0 - Unauthenticated Arbitrary Code Execution via Untrusted Document Link

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-43929. PoCs published by 0xBenCantCode.

AI-analyzed exploit summary This repository contains a writeup for CVE-2025-43929, a vulnerability in KiTTY that allows local executables to run without user confirmation due to an origin validation error. The vulnerability affects versions before 0.41.0 and can be exploited via untrusted documents.

Description

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

Exploits (1)

nomisec WRITEUP
by 0xBenCantCode · poc
https://github.com/0xBenCantCode/CVE-2025-43929

This repository contains a writeup for CVE-2025-43929, a vulnerability in KiTTY that allows local executables to run without user confirmation due to an origin validation error. The vulnerability affects versions before 0.41.0 and can be exploited via untrusted documents.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: KiTTY before 0.41.0
No auth needed
Prerequisites: Untrusted document with a linked executable · User interaction to open the document
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 4.1
EPSS 0.0016
EPSS Percentile 5.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-346
Status published
Products (1)
kovidgoyal/kitty < 0.41.0
Published Apr 20, 2025
Tracked Since Feb 18, 2026