CVE-2025-12121

Lite XL versions 2.1.8 and earlier are affected by CVE-2025-12121 due to an unsanitized system.exec usage in core.lua (project directory launching), rootview.lua (drag‑and‑drop handling), and treeview.lua (open in system). This allows arbitrary command execution with the Lite XL process privilege...

CVE-2025-12121 CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description Two vulnerabilities were identified Lite XL: CVE-2025-121...