CVE-2025-66481 PUBLISHED

DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content

Assigner: GitHub_M
Reserved: 02.12.2025 Published: 09.12.2025 Updated: 09.12.2025

DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attributes combined with HTML entity encoding. Remote Code Execution is possible on the victim's machine via the electron.ipcRenderer interface, bypassing the regex filter intended to strip dangerous attributes. There is no fix at time of publication.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS Score: 9.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	ThinkInAIXYZ
Product	deepchat
Versions	Version <= 0.5.1 is affected

References

https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-h9f5-7hhf-fqm4

Problem Types

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE
CWE-94: Improper Control of Generation of Code ('Code Injection') CWE