CVE-2025-12120

· Published 20/11/2025 17:15 · Modified 10/12/2025 17:47

Labels: CVE-2025-12120, 2025-11-20, CWE-94, [email protected]

Essential information

Published: 20/11/2025 17:15
Modified: 10/12/2025 17:47
Author
Creator
CVSS: 7.3 HIGH (v3.1)
CISA KEV: No
CWE: CWE-94
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow execution of untrusted Lua code if a user opens a malicious project, potentially leading to arbitrary code execution with the privileges of the Lite XL process.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: [email protected]

Affected products (CPE)

Product: lite-xl / lite xl
CPE: cpe:2.3:a:lite-xl:lite_xl:*:*:*:*:*:*:*:*

References