CVE-2025-31488

Name: CVE-2025-31488
Creator: NVD / NIST
Published: 2025-04-06T20:15:14.31+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.9/10EPSS 0.15%

Last modified Jun 17, 2026

CVE-2025-31488 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. EPSS estimates a 0.15% chance of exploitation in the next 30 days.

Description

Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3.

Metrics

CVSS 4.0

4.9/10

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.15%

4.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

References

https://github.com/Hex-Dragon/PCL2/security/advisories/GHSA-wfpw-hfcp-9m73

Timeline

Published: Apr 6, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-31488?

How severe is CVE-2025-31488?

CVE-2025-31488 has a CVSS score of 4.9/10 (MEDIUM severity). The EPSS model estimates a 0.15% probability of exploitation in the next 30 days.

How do I fix CVE-2025-31488?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-31488?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST