CVE-2024-25004 – KiTTY versions 0.76.1.13 and earlier contain a ... (How to Fix)

Q: What is the severity of CVE-2024-25004?

CVE-2024-25004 has a CVSS score of 7.8 (HIGH). KiTTY versions 0.76.1.13 and earlier contain a stack-based buffer overflow vulnerability in the username handling code (line 2600) due to insufficient bounds checking. This allows attackers to execute arbitrary code on affected systems by providing specially crafted usernames. Users running vulnerable KiTTY versions are affected.

📋 TL;DR

KiTTY versions 0.76.1.13 and earlier contain a stack-based buffer overflow vulnerability in the username handling code (line 2600) due to insufficient bounds checking. This allows attackers to execute arbitrary code on affected systems by providing specially crafted usernames. Users running vulnerable KiTTY versions are affected.

💻 Affected Systems

Products:

KiTTY

Versions: 0.76.1.13 and earlier

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Kitty by 9bis

View all CVEs affecting Kitty →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution, allowing attackers to install malware, steal credentials, or pivot to other systems.

🟠

Likely Case

Local privilege escalation or remote code execution when KiTTY processes untrusted username input, potentially leading to system takeover.

🟢

If Mitigated

Limited impact if proper input validation and memory protections are in place, though exploitation may still be possible.

🌐 Internet-Facing: MEDIUM - Exploitation typically requires user interaction or specific conditions, but could be weaponized in targeted attacks.

🏢 Internal Only: HIGH - Internal systems using KiTTY for administration could be compromised, allowing lateral movement within networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires the attacker to control username input, which may occur through configuration files, command-line arguments, or compromised systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.76.1.14 or later

Vendor Advisory: https://www.9bis.net/kitty/

Restart Required: Yes

Instructions:

1. Download latest KiTTY version from official site. 2. Uninstall old version. 3. Install new version. 4. Restart any KiTTY processes.

🔧 Temporary Workarounds

Input Validation

all

Implement strict input validation for usernames in KiTTY configuration

# Manually validate username length and characters before using in KiTTY

Memory Protection

all

Enable DEP/ASLR and other memory protection mechanisms

# Windows: bcdedit /set {current} nx AlwaysOn
# Linux: echo 2 > /proc/sys/kernel/randomize_va_space

🧯 If You Can't Patch

Restrict KiTTY usage to trusted environments only
Implement network segmentation to limit KiTTY access

🔍 How to Verify

Check if Vulnerable:

Check KiTTY version in Help > About menu or run 'kitty --version'

Check Version:

kitty --version

Verify Fix Applied:

Verify version is 0.76.1.14 or higher after update

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from KiTTY
Long or malformed username entries in logs

Network Indicators:

Unexpected network connections from KiTTY processes

SIEM Query:

process_name:"kitty.exe" AND (process_cmdline:*username* OR parent_process:unusual)

📊 Metadata

CVE ID: CVE-2024-25004

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: February 9, 2024

Last Updated: May 15, 2025

🔗 References

http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html Third Party Advisory,VDB Entry
http://seclists.org/fulldisclosure/2024/Feb/13 Exploit,Mailing List
http://seclists.org/fulldisclosure/2024/Feb/14 Exploit,Mailing List
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 Exploit,Third Party Advisory
http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html Third Party Advisory,VDB Entry
http://seclists.org/fulldisclosure/2024/Feb/13 Exploit,Mailing List
http://seclists.org/fulldisclosure/2024/Feb/14 Exploit,Mailing List
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25004, you might also want to check these: