PT-2025-17401 · Kitty+1

0Xbencantcode · Published 2025-03-20 · Updated 2025-05-23 · CVE-2025-43929

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: kitty versions prior to 0.41.0
Description: The issue concerns the open_actions.py script in kitty, which does not request user confirmation before executing a local executable file. This file may have been linked from an untrusted document, such as one opened in KDE ghostwriter.
Recommendations: For versions prior to 0.41.0, update to version 0.41.0 or later to resolve the issue. As a temporary workaround, consider disabling the execution of local executable files linked from untrusted documents until a patch is applied. Restrict access to the open_actions.py script to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Origin Validation Error

Related Identifiers

BDU:2025-12846
CVE-2025-43929

Affected Products

Debian
Kitty