CVE-2025-31488

Vulnerability Description

Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3.

Related Weaknesses (CWE)

CWE-20

References

https://github.com/Hex-Dragon/PCL2/security/advisories/GHSA-wfpw-hfcp-9m73

FAQ

What is CVE-2025-31488?

CVE-2025-31488 is a documented vulnerability. Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Expl...

How severe is CVE-2025-31488?

CVSS scoring is not yet available for CVE-2025-31488. Check NVD for updates.

Is there a patch for CVE-2025-31488?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.