Platform
other
Component
dive
Fixed in
0.9.1
CVE-2025-58176 describes a Remote Code Execution (RCE) vulnerability in Dive, an open-source MCP Host Desktop Application. This flaw allows an attacker to execute arbitrary code on a victim's system by exploiting a vulnerability in how the application handles custom URLs. The vulnerability impacts versions 0.9.0 through 0.9.3, and a fix is available in version 0.9.4.
The impact of this vulnerability is significant, as it allows for complete remote code execution. An attacker can leverage this flaw to install malware, steal sensitive data, or gain persistent access to the victim's system. The attack vector is particularly concerning, as it can be triggered simply by visiting a malicious website or clicking on a crafted link embedded within seemingly legitimate content. This makes it easy to trick users into triggering the vulnerability without their knowledge. The attack does not require any authentication or complex exploitation techniques, making it accessible to a wide range of attackers.
CVE-2025-58176 was publicly disclosed on September 3, 2025. No public proof-of-concept (PoC) code has been released as of this date. The vulnerability's ease of exploitation and potential impact suggest a medium probability of exploitation, although active campaigns are not currently confirmed. It is not listed on the CISA KEV catalog.
Users who rely on Dive for MCP Host integration and are running vulnerable versions (0.9.0 - 0.9.3) are at significant risk. This includes developers, IT professionals, and anyone using Dive within their workflow. Shared hosting environments where Dive is deployed could be particularly vulnerable, as a compromised website could potentially exploit this vulnerability on multiple systems.
• windows / supply-chain: Monitor for Dive process executions with unusual command-line arguments. Use Sysinternals Process Monitor to observe network connections and file system activity related to Dive.
    Get-Process -Name Dive | Select-Object -ExpandProperty Path
• linux / server: Monitor Dive process logs for suspicious URL requests. Use lsof to identify open files associated with Dive and look for unexpected files.
    lsof | grep Dive
• generic web: Inspect HTTP traffic for requests to Dive with the transport parameter containing suspicious values. Examine web server access logs for requests containing crafted URLs targeting Dive.
    grep 'transport=' /var/log/apache2/access.log
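An added example, not part of the original advisory or the Dive project: a plain grep for 'transport=' misses the parameter when it is percent-encoded inside another URL, so this script decodes each request target in an access log and lists every transport value it finds. The log lines, the placeholder scheme and the EXAMPLE values are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client address and request target of a combined-format access log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample entries: documentation IP ranges, placeholder scheme and values.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Sep/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.20 - - [03/Sep/2025:10:00:01 +0000] "GET /api?transport=EXAMPLE-A HTTP/1.1" 200 90',
    '198.51.100.21 - - [03/Sep/2025:10:00:02 +0000] "GET /out?u=placeholder-scheme%3A%2F%2Fhost'
    '%2Fpath%3Ftransport%3DEXAMPLE-B HTTP/1.1" 302 0',
    '198.51.100.22 - - [03/Sep/2025:10:00:03 +0000] "GET /out?u=placeholder-scheme%253A%252F%252Fhost'
    '%253Ftransport%253DEXAMPLE-C HTTP/1.1" 302 0',
]

def transport_values(target, max_depth=3):
    """Return every `transport` query value in target, including values
    hidden inside percent-encoded nested URLs (up to max_depth layers)."""
    found, seen, queue = [], set(), [(target, 0)]
    while queue:
        text, depth = queue.pop()
        if text in seen or depth > max_depth:
            continue
        seen.add(text)
        try:
            query = urlsplit(text).query
        except ValueError:  # malformed target, e.g. unbalanced IPv6 brackets
            continue
        if not query and "%" in text:
            queue.append((unquote(text), depth + 1))  # peel one encoding layer
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == "transport":
                found.append(value)
            elif "transport" in value.lower():
                queue.append((value, depth + 1))  # nested URL carried in a parameter
    return found

def scan(lines):
    """Return (client, decoded transport value, raw target) for each match."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if match:
            client, target = match.groups()
            hits.extend((client, value, target) for value in transport_values(target))
    return hits

if __name__ == "__main__":
    for client, value, target in scan(SAMPLE_LOG):
        print(f"{client}\ttransport={value!r}\t{target}")
```

To run it against a real log, pass the open file object to scan() in place of SAMPLE_LOG.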
Exploit Status
EPSS
0.29% (percentile 52%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-58176 is to upgrade Dive to version 0.9.4 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing a temporary workaround by blocking access to external URLs within the Dive application. This can be achieved through network-level firewalls or proxy configurations. Additionally, educate users to be cautious about clicking on links from untrusted sources and to verify the legitimacy of websites before visiting them. After upgrading, confirm the fix by attempting to trigger the vulnerability with a known malicious URL and verifying that the application no longer executes code.
Upgrade Dive to version 0.9.4 or later. This version fixes the remote code execution vulnerability caused by improper processing of custom URLs. Download the latest version from the official website or the project repository.
CVE-2025-58176 is a Remote Code Execution vulnerability in Dive versions 0.9.0 through 0.9.3. An attacker can execute arbitrary code by exploiting a flaw in URL handling.
You are affected if you are using Dive versions 0.9.0, 0.9.1, 0.9.2, or 0.9.3. Upgrade to version 0.9.4 or later to mitigate the risk.
Upgrade Dive to version 0.9.4 or later. As a temporary workaround, block access to external URLs within the Dive application.
Active exploitation is not currently confirmed, but the vulnerability's ease of exploitation suggests a potential risk.
Refer to the official Dive project repository and release notes for the latest advisory and update information.