CVE-2025-31488

Name of the Vulnerable Software and Affected Versions Plain Craft Launcher versions prior to 2.9.3

Description The issue arises when Plain Craft Launcher (PCL) uses Internet Explorer to load webpages from third-party homepages, potentially allowing attackers to access specified webpages without the user's knowledge. This can occur when controls like WebBrowser are used in the homepage.

Recommendations For versions prior to 2.9.3, update to version 2.9.3 to resolve the issue. As a temporary workaround, consider avoiding the use of homepages that utilize controls such as WebBrowser until the update is applied. Restrict access to potentially malicious homepages to minimize the risk of exploitation.