Medium severity4.1NVD Advisory· Published Apr 20, 2025· Updated Jun 17, 2026
CVE-2025-43929
CVE-2025-43929
Description
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
4- github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35nvdPatch
- github.com/kovidgoyal/kitty/compare/v0.40.1...v0.41.0nvdPatch
- hitman.services/cve-2025-43929/nvdExploitThird Party Advisory
- ghostwriter.kde.org/documentation/nvdProduct
News mentions
0No linked articles in our index yet.