Vulnerability Details CVE-2025-66222
DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC bridge, this XSS can be escalated to Remote Code Execution (RCE) by registering and starting a malicious MCP (Model Context Protocol) server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 9.6
Products affected by CVE-2025-66222
- cpe:2.3:a:thinkinai:deepchat:0.0.1
- cpe:2.3:a:thinkinai:deepchat:0.0.10
- cpe:2.3:a:thinkinai:deepchat:0.0.11
- cpe:2.3:a:thinkinai:deepchat:0.0.12
- cpe:2.3:a:thinkinai:deepchat:0.0.13
- cpe:2.3:a:thinkinai:deepchat:0.0.14
- cpe:2.3:a:thinkinai:deepchat:0.0.15
- cpe:2.3:a:thinkinai:deepchat:0.0.16
- cpe:2.3:a:thinkinai:deepchat:0.0.2
- cpe:2.3:a:thinkinai:deepchat:0.0.3
- cpe:2.3:a:thinkinai:deepchat:0.0.5
- cpe:2.3:a:thinkinai:deepchat:0.0.6
- cpe:2.3:a:thinkinai:deepchat:0.0.7
- cpe:2.3:a:thinkinai:deepchat:0.0.8
- cpe:2.3:a:thinkinai:deepchat:0.0.8-1
- cpe:2.3:a:thinkinai:deepchat:0.0.9
- cpe:2.3:a:thinkinai:deepchat:0.1.0
- cpe:2.3:a:thinkinai:deepchat:0.1.1
- cpe:2.3:a:thinkinai:deepchat:0.2.0
- cpe:2.3:a:thinkinai:deepchat:0.2.0-1
- cpe:2.3:a:thinkinai:deepchat:0.2.1
- cpe:2.3:a:thinkinai:deepchat:0.2.2
- cpe:2.3:a:thinkinai:deepchat:0.2.3
- cpe:2.3:a:thinkinai:deepchat:0.2.3-1
- cpe:2.3:a:thinkinai:deepchat:0.2.4
- cpe:2.3:a:thinkinai:deepchat:0.2.5
- cpe:2.3:a:thinkinai:deepchat:0.2.6
- cpe:2.3:a:thinkinai:deepchat:0.2.7
- cpe:2.3:a:thinkinai:deepchat:0.2.8
- cpe:2.3:a:thinkinai:deepchat:0.2.9
- cpe:2.3:a:thinkinai:deepchat:0.3.0
- cpe:2.3:a:thinkinai:deepchat:0.3.1
- cpe:2.3:a:thinkinai:deepchat:0.3.2
- cpe:2.3:a:thinkinai:deepchat:0.3.3
- cpe:2.3:a:thinkinai:deepchat:0.3.4
- cpe:2.3:a:thinkinai:deepchat:0.3.5
- cpe:2.3:a:thinkinai:deepchat:0.3.6
- cpe:2.3:a:thinkinai:deepchat:0.3.7
- cpe:2.3:a:thinkinai:deepchat:0.3.8
- cpe:2.3:a:thinkinai:deepchat:0.3.9
- cpe:2.3:a:thinkinai:deepchat:0.4.0
- cpe:2.3:a:thinkinai:deepchat:0.4.1
- cpe:2.3:a:thinkinai:deepchat:0.4.2
- cpe:2.3:a:thinkinai:deepchat:0.4.3
- cpe:2.3:a:thinkinai:deepchat:0.4.5
- cpe:2.3:a:thinkinai:deepchat:0.4.6
- cpe:2.3:a:thinkinai:deepchat:0.4.8
- cpe:2.3:a:thinkinai:deepchat:0.4.9
- cpe:2.3:a:thinkinai:deepchat:0.5.0