CVE-2025-31488

Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of controls such as WebBrowser

Description

Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3.

INFO

Published Date :

2025-04-06T19:56:24.648Z

Last Modified :

2025-04-07T14:15:50.443Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-31488 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-31488.

URL	Resource
https://github.com/Hex-Dragon/PCL2/security/advisories/GHSA-wfpw-hfcp-9m73

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability