Platform
javascript
Component
deepchat
Fixed in
0.5.2
CVE-2025-66481 is a critical Cross-Site Scripting (XSS) vulnerability affecting DeepChat, an open-source AI chat platform. This vulnerability allows attackers to bypass sanitization measures and potentially achieve Remote Code Execution (RCE) on a victim's machine. Versions 0.5.1 and earlier are vulnerable, and a fix is available in version 0.5.2.
The vulnerability stems from improper sanitization of Mermaid content within DeepChat. Attackers can exploit this by injecting malicious Mermaid code containing unquoted HTML attributes combined with HTML entity encoding. This bypasses the intended regex filter, allowing for the execution of arbitrary JavaScript code within the context of the user's browser. The use of electron.ipcRenderer amplifies the impact, potentially enabling attackers to execute code directly on the victim's machine, rather than just within the browser environment. This could lead to data theft, account compromise, or even complete system takeover, depending on the privileges of the user running DeepChat.
This vulnerability has been publicly disclosed and carries a CRITICAL CVSS score of 9.7. While no public proof-of-concept (PoC) has been released at the time of publication, the ease of exploitation and potential for RCE suggest a high probability of exploitation. It is not currently listed on the CISA KEV catalog. Given the potential for RCE, organizations should prioritize patching or implementing mitigations.
Exploit Status
EPSS
0.26% (49% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade DeepChat to version 0.5.2 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious Mermaid code patterns, specifically those utilizing unquoted HTML attributes and HTML entity encoding. Carefully review and restrict the permissions granted to the electron.ipcRenderer interface to limit the potential damage from successful exploitation. Monitor DeepChat logs for any unusual activity or attempts to inject malicious code.
Update DeepChat to a version later than 0.5.1 when a patched version is available. Currently, no solution is available, so it is recommended to monitor security updates from ThinkInAIXYZ and avoid using untrusted Mermaid content until a solution is published.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-66481 is a critical XSS vulnerability in DeepChat versions 0.5.1 and below, allowing attackers to bypass sanitization and potentially achieve Remote Code Execution (RCE).
You are affected if you are using DeepChat versions 0.5.1 or earlier. Upgrade to 0.5.2 or later to mitigate the risk.
Upgrade DeepChat to version 0.5.2 or later. As a temporary workaround, implement a WAF rule to block suspicious Mermaid code.
While no public exploit is currently known, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the DeepChat project's official security advisories and release notes for the latest information and updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.