CVE-2025-26210

8.8 HIGH

📋 TL;DR

CVE-2025-26210 is a cross-site scripting (XSS) vulnerability in DeepSeek R1 through version V3.1 that allows attackers to execute arbitrary JavaScript in the context of the run-html-chat.deepseeksvc.com domain. This affects users of DeepSeek R1 AI assistant software who interact with the vulnerable chat interface. Some third parties indicate this may be intended behavior, but it still represents a security risk.

💻 Affected Systems

Products:
  • DeepSeek R1
Versions: through V3.1
Operating Systems: All platforms running DeepSeek R1
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the run-html-chat.deepseeksvc.com domain interface. Some sources indicate this may be intended functionality rather than a vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal user session tokens, credentials, or sensitive data from the chat interface, perform actions as authenticated users, or redirect users to malicious sites.

🟠 Likely Case

Attackers could inject malicious scripts to steal user data or perform limited actions within the chat context, potentially compromising user privacy.

🟢 If Mitigated

With proper content security policies and input validation, impact would be limited to the specific chat session with minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists in provided references. Exploitation requires user interaction with malicious chat content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://deepseek.com

Restart Required: No

Instructions:

No official patch is available. Monitor DeepSeek for security updates and upgrade to a version beyond V3.1 when one is available.

🔧 Temporary Workarounds

Implement Content Security Policy

all

Add strict CSP headers to prevent inline script execution and restrict script sources

Add Content-Security-Policy: script-src 'self'; to the HTTP response headers

Input Sanitization

all

Implement server-side input validation and output encoding for all user-provided content

Implement HTML entity encoding for user inputs before rendering

🧯 If You Can't Patch

  • Restrict access to run-html-chat.deepseeksvc.com domain to trusted users only
  • Implement web application firewall rules to detect and block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Test if JavaScript can be executed in chat inputs by attempting to inject basic XSS payloads like <script>alert('test')</script>

Check Version:

Check DeepSeek R1 version in application settings or about page

Verify Fix Applied:

Verify that injected scripts no longer execute and are properly sanitized in output

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript patterns in chat logs
  • Multiple failed script injection attempts

Network Indicators:

  • Requests containing suspicious script patterns to chat endpoints
  • External script loads from unexpected domains

SIEM Query:

source="web_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=") AND dest="run-html-chat.deepseeksvc.com"
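The query above compares literal strings, so a request whose payload is percent-encoded or written in mixed case would not match it as written. The following is an added example, not code from DeepSeek or from the original page: it applies the same four indicators to access-log lines after URL-decoding and case-folding. The log layout, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicators from the SIEM query on this page. "<script" (no closing bracket)
# is a deliberate widening so tags carrying attributes also match.
INDICATORS = ("<script", "javascript:", "onerror=", "onload=")
CHAT_HOST = "run-html-chat.deepseeksvc.com"

# Assumed log layout, constructed for this example: host "METHOD uri PROTO" status
LINE_RE = re.compile(r'^(?P<host>\S+) "[A-Z]+ (?P<uri>\S+) [^"]*" \d{3}$')


def normalise(value, max_rounds=3):
    """Undo URL encoding (bounded, to cover double encoding) and fold case."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    # Collapse whitespace around '=' so "onerror =" compares equal to "onerror=".
    return re.sub(r"\s*=\s*", "=", value.lower())


def match_line(line):
    """Return the indicators found in one log line; [] for other hosts or unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("host").lower() != CHAT_HOST:
        return []
    uri = normalise(m.group("uri"))
    return [ind for ind in INDICATORS if ind in uri]


def scan(lines):
    """Return (line_number, indicators) for every line that matched."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := match_line(line))]


# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    'run-html-chat.deepseeksvc.com "GET /chat?msg=hello+world HTTP/1.1" 200',
    'run-html-chat.deepseeksvc.com "POST /chat?msg=%3CScript%3Ealert(%27test%27)%3C%2Fscript%3E HTTP/1.1" 200',
    'run-html-chat.deepseeksvc.com "GET /chat?msg=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200',
    'run-html-chat.deepseeksvc.com "GET /chat?msg=%3Cimg+src%3Dx+ONERROR+%3D+alert(1)%3E HTTP/1.1" 200',
    'other.example "GET /?q=%3Cscript%3E HTTP/1.1" 200',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
```

Matches are triage leads only: ordinary chat messages that discuss HTML or JavaScript will contain the same strings.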

🔗 References