Description
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
cve@mitre.org
https://ghostwriter.kde.org/documentation/#linkscve@mitre.org
https://github.com/0xBenCantCode/CVE-2025-43929cve@mitre.org
https://hitman.services/cve-2025-43929/