Platform: other
Component: deepchat
Fixed in: 0.3.2
CVE-2025-55733 describes a critical Remote Code Execution (RCE) vulnerability affecting DeepChat versions up to 0.3.1. The flaw allows an attacker to execute arbitrary code on a victim's machine by embedding a malicious 'deepchat:' URL. The vulnerability is triggered when a user clicks on, or visits a website containing, this specially crafted URL, potentially leading to complete system compromise. A fix is available in version 0.3.1.
The impact of CVE-2025-55733 is severe: an attacker can use it to gain complete control over a victim's system. The attack vector is deceptively simple, requiring only that a malicious 'deepchat:' URL be embedded on any website. When a user clicks the link, the DeepChat application, registered as the handler for that custom URL scheme, processes the URL and executes the embedded code. This bypasses the usual safeguards because the user is tricked into running code they never intended to run. The blast radius extends to every user of DeepChat running a vulnerable version, regardless of technical expertise. The pattern resembles other URL-scheme vulnerabilities in which malicious code is delivered through seemingly innocuous links.
CVE-2025-55733 was publicly disclosed on 2025-08-19. The vulnerability's simplicity and potential for widespread exploitation suggest a medium probability of exploitation (EPSS score likely medium). No public proof-of-concept (POC) code has been observed as of this writing, but the ease of crafting a malicious URL makes it likely that POCs will emerge. The vulnerability is not currently listed on the CISA KEV catalog.
Users of DeepChat, particularly those who frequently click on links from untrusted sources or visit websites with questionable content, are at significant risk. Individuals using DeepChat on corporate devices or systems containing sensitive data are especially vulnerable, as a successful exploit could lead to data breaches or system compromise.
disclosure
Exploit status
EPSS: 0.29% (52nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-55733 is to upgrade DeepChat to version 0.3.1 or later immediately. This version contains the fix that prevents the malicious URL processing. If upgrading is not immediately feasible, consider restricting the use of DeepChat on systems containing sensitive data. No direct workaround is available, but educating users about the risks of clicking unfamiliar or suspicious links can help prevent exploitation. There are no specific WAF or proxy rules that can effectively mitigate this vulnerability without application-level changes. After upgrading, confirm the fix by attempting to trigger the vulnerability with a known malicious 'deepchat:' URL: it should no longer execute code.
Update DeepChat to version 0.3.1 or later. This version fixes the remote code execution vulnerability. Download the latest version from the product's official page or through the application's built-in update mechanism.
CVE-2025-55733 is a critical RCE vulnerability in DeepChat versions up to 0.3.1. A malicious 'deepchat:' URL can trigger code execution on a victim's machine.
Yes, if you are using DeepChat version 0.3.1 or earlier, you are vulnerable to this RCE exploit.
Upgrade DeepChat to version 0.3.1 or later to resolve this vulnerability. This update patches the flawed URL handling.
While no active exploitation has been confirmed, the vulnerability's simplicity makes it likely that exploitation attempts will occur.
Refer to the DeepChat official website or security channels for the latest advisory and updates regarding CVE-2025-55733.