Web Browser Exploitation Risk in Plain Craft Launcher
CVE-2025-31488

4.9MEDIUM

Key Information:

Vendor: Hex-dragon
Status: Pcl2
Vendor: CVE Published:; 6 April 2025

Summary

The Plain Craft Launcher (PCL), used for Minecraft, has a vulnerability that allows attackers to exploit the application's use of third-party homepages. When a homepage uses controls like WebBrowser, PCL relies on Internet Explorer to load web content. If users inadvertently visit a manipulated homepage, an attacker can exploit this to access sensitive data or perform actions without the user's knowledge. This issue has been addressed in version 2.9.3.

Affected Version(s)

PCL2 < 2.9.3

References

https://github.com/Hex-Dragon/PCL2/security/advisories/GH...

x_refsource_CONFIRM

CVSS V4

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Apr 6, 2025
Vulnerability Reserved
Mar 28, 2025