Cyber Posture

CVE-2025-67744

Critical · Public PoC

Published: 16 December 2025

Modified: 02 January 2026
KEV Added
Patch
CVSS Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0038 (59.6th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Description

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Enforces secure baseline configuration settings for the Mermaid diagram renderer to disable arbitrary JavaScript execution and for Electron IPC to prevent DOM exposure.

prevent

Provides process isolation between the untrusted renderer (DOM) and privileged Electron IPC interface, blocking XSS escalation to RCE.

prevent

Validates inputs to the Mermaid rendering component to reject malicious diagrams containing arbitrary JavaScript code injection.

Security Summary (AI)

CVE-2025-67744 is a critical-severity vulnerability (CVSS 9.6) affecting DeepChat, an open-source artificial intelligence agent platform that unifies models, tools, and agents, in versions prior to 0.5.3. The flaw resides in the Mermaid diagram rendering component, which permits arbitrary JavaScript execution due to unsafe Mermaid configuration. This XSS issue escalates to full remote code execution (RCE) because the Electron IPC renderer interface is exposed to the DOM, enabling attackers to run arbitrary system commands. It is classified under CWE-94 (Code Injection).

An attacker can exploit this vulnerability over the network with low complexity and no privileges required, though user interaction is needed to render a malicious Mermaid diagram within DeepChat. Successful exploitation changes the scope and grants high confidentiality, integrity, and availability impact, culminating in arbitrary command execution on the victim's system.

The GitHub security advisory (GHSA-w8w8-82pv-5rg9) and patch commit (b179d97921af04a0ae1ae68757338dd8b8cbefe7) confirm that upgrading to DeepChat version 0.5.3 resolves the issues by addressing the unsafe Mermaid configuration and exposed IPC interface.

This vulnerability is particularly relevant to AI/ML practitioners using DeepChat for agent development, as it highlights risks in rendering untrusted diagram content within Electron-based desktop applications. No real-world exploitation has been reported as of the CVE publication on 2025-12-16.

Details

CWE(s)

Affected Products

thinkinai
deepchat
≤ 0.5.3

AI Security Analysis (AI)

AI Category
AI Agent Protocols and Integrations
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
DeepChat is explicitly described as an open-source artificial intelligence agent platform that unifies models, tools, and agents, fitting the AI Agent Protocols and Integrations category.

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability enables arbitrary JavaScript execution via Mermaid diagram rendering in an Electron application, escalating XSS to full RCE through exposed IPC, directly facilitating Exploitation for Client Execution.
