VYPR
Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025

CVE-2025-12120

CVE-2025-12120

Description

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lite XL/Lite XLllm-fuzzy2 versions
    <=2.1.8+ 1 more
    • (no CPE)range: <=2.1.8
    • (no CPE)range: 2.1.8 and earlier

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.