Platform
other
Component
dive
Fixed in
0.11.2
A critical Stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-66580) has been identified in Dive, an open-source MCP Host Desktop Application, affecting versions prior to 0.11.1. This vulnerability resides within the Mermaid diagram rendering component and allows attackers to inject malicious JavaScript. Successful exploitation can lead to Remote Code Execution (RCE) on the victim's machine by injecting a malicious Model Context Protocol (MCP) server configuration.
The impact of CVE-2025-66580 is severe. An attacker can leverage the XSS vulnerability to inject arbitrary JavaScript code into the Mermaid diagrams rendered by Dive. This injected code can then be used to craft a malicious Model Context Protocol (MCP) server configuration. When a user clicks on a node containing this malicious configuration, the application will attempt to connect to the attacker-controlled MCP server. This connection can then be exploited to execute arbitrary code on the victim's machine, effectively achieving Remote Code Execution (RCE). The blast radius extends to any user interacting with Dive and potentially accessing malicious diagrams, making it a significant risk.
CVE-2025-66580 was publicly disclosed on 2025-12-19. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's severity and potential for RCE suggest a high likelihood of exploitation. Its CVSS v3.1 score of 9.7 (CRITICAL) underscores the urgency of patching. Because exploitation requires user interaction (clicking a node), it is less suited to automated campaigns, but targeted attacks remain a significant concern.
Organizations and individuals utilizing Dive for integrating with function-calling LLMs are at risk. This includes developers, data scientists, and anyone relying on Dive for managing and interacting with LLM-based applications. Users who frequently handle external Mermaid diagrams or those with limited security awareness are particularly vulnerable.
• windows / supply-chain: Monitor Dive processes for unusual network connections or execution of unexpected scripts. Use Windows Defender to scan for malicious MCP server configurations.
  Get-Process -Name Dive | Select-Object -ExpandProperty Path
• generic web: Inspect network traffic for connections to suspicious MCP servers. Examine Dive's configuration files for signs of tampering.
• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability does not directly affect databases.
• wordpress / composer / npm: N/A - This vulnerability does not directly affect these platforms.
• linux / server: Monitor Dive processes for unusual network connections or execution of unexpected scripts. Examine system logs for errors related to Mermaid diagram rendering.
disclosure
Exploit Status
EPSS
0.27% (50th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-66580 is to upgrade Dive to version 0.11.1 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, apply strict input validation and sanitization to any user-supplied data used in Mermaid diagrams. A WAF or proxy is unlikely to be effective against this type of stored XSS, because the payload is delivered inside diagram content rather than a recognizable request pattern. Thoroughly review and audit all Mermaid diagrams before allowing them to be rendered within the application.
Update Dive to version 0.11.1 or later. This version fixes the Cross-Site Scripting (XSS) vulnerability that makes Remote Code Execution possible. The update prevents an attacker from injecting malicious MCP server configurations and compromising your machine.
CVE-2025-66580 is a critical Stored Cross-Site Scripting (XSS) vulnerability in Dive versions prior to 0.11.1, allowing malicious JavaScript injection through Mermaid diagrams, potentially leading to RCE.
You are affected if you are using Dive version 0.11.1 or earlier. Upgrade to 0.11.1 to eliminate the vulnerability.
Upgrade Dive to version 0.11.1 or later. This version includes a fix for the XSS vulnerability.
While no public exploits are currently known, the vulnerability's severity and potential for RCE suggest a high likelihood of exploitation.
Refer to the official Dive project repository and associated security announcements for the latest information and advisory regarding CVE-2025-66580.