Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-43929 PoC — kitty 安全漏洞

Source
https://github.com/0xBenCantCode/CVE-2025-43929
Associated Vulnerability
Title:kitty 安全漏洞 (CVE-2025-43929)
Description:open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
Description
High severity vulnerability in KiTTY allowing for local executables to be ran without user confirmation under certain circumstances.
Readme
# CVE-2025-43929
Proof-of-concept for CVE-2025-43929, a high-severity vulnerability in KiTTY allowing for local executables to be ran without user confirmation under certain circumstances

## Vulnerability Type
CWE-346: CWE-346 Origin Validation Error

## Vulnerability Description
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).

## Vulnerability Demo
https://github.com/user-attachments/assets/87f0b35e-97b4-4b11-b495-b0112ae590e5
File Snapshot

 [4.0K]  /data/pocs/a116c71a2869f85862407b1fb8a0bb7b8a4bc328
├── [4.0K]  CVE-2025-43929-POC
│   ├── [  58]  test
│   └── [ 215]  test.md
└── [ 598]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →