CVE-2025-47777

9.6 CRITICAL

📋 TL;DR

This vulnerability allows stored cross-site scripting (XSS) in 5ire's chatbot responses due to insufficient input sanitization. The XSS can escalate to remote code execution (RCE) through unsafe Electron protocol handling and exposed APIs. All users of 5ire client versions before 0.11.1, especially those interacting with untrusted chatbots or pasting external content, are affected.

💻 Affected Systems

Products:
  • 5ire desktop application
Versions: All versions prior to 0.11.1
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. Risk is highest when interacting with untrusted chatbot sources or pasting external content.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing an attacker to execute arbitrary commands, access files, and potentially gain persistent access.

🟠 Likely Case

Stored XSS leading to session hijacking, credential theft, and limited system access through Electron APIs.

🟢 If Mitigated

XSS is contained within the sandbox if proper Electron security controls are enabled, limiting impact to the application context.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction with malicious chatbot content. Multiple public references demonstrate similar Electron RCE techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.11.1

Vendor Advisory: https://github.com/nanbingxyz/5ire/security/advisories/GHSA-mr8w-mmvv-6hq8

Restart Required: Yes

Instructions:

1. Download version 0.11.1 or later from the official source.
2. Install the update.
3. Restart the application.

🔧 Temporary Workarounds

Disable untrusted chatbot interactions

Platform: all

Avoid interacting with untrusted chatbots or pasting external content into the application.

Enable Electron security flags

Platform: all

Configure Electron with additional security hardening if the application allows it.

--enable-sandbox
--no-experimental-features

🧯 If You Can't Patch

  • Isolate the application in a restricted environment or virtual machine
  • Implement network segmentation to limit potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check the application version in the settings or About dialog. If the version is below 0.11.1, the system is vulnerable.

Check Version:

Check application settings or about dialog for version information

Verify Fix Applied:

Confirm version is 0.11.1 or higher after update installation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript execution in Electron context
  • Suspicious protocol handler invocations
  • Unexpected child process creation

Network Indicators:

  • Unexpected outbound connections from 5ire process
  • Suspicious HTTP requests to external domains

SIEM Query:

process_name:"5ire" AND (event_type:"process_creation" OR event_type:"network_connection")
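
The query above matches every process-creation and network event from 5ire, including normal startup and normal model traffic. As an added example (not from the advisory or the 5ire project), the code below applies the same predicate and then keeps only the "unexpected" cases named under Log and Network Indicators. The field names `child_image`, `dest_host` and `dest_port`, both allowlists, and all sample events are assumptions to adapt to your own telemetry.

```python
# Added example: triage of events returned by the page's SIEM query.
# Field names other than process_name/event_type, both allowlists and every
# event below are constructed assumptions, not data from the advisory.
EXPECTED_CHILDREN = {"5ire Helper", "5ire Helper (Renderer)"}  # assumed helper names
EXPECTED_HOSTS = {"llm.example.com"}  # assumed: the model endpoint you configured

SAMPLE_EVENTS = [  # constructed sample telemetry
    {"process_name": "5ire", "event_type": "process_creation",
     "child_image": "5ire Helper (Renderer)"},
    {"process_name": "5ire", "event_type": "network_connection",
     "dest_host": "llm.example.com", "dest_port": 443},
    {"process_name": "5ire", "event_type": "process_creation",
     "child_image": "sh"},
    {"process_name": "5ire", "event_type": "network_connection",
     "dest_host": "198.51.100.7", "dest_port": 8080},
    {"process_name": "chrome", "event_type": "process_creation",
     "child_image": "sh"},
    {"process_name": "5ire", "event_type": "file_write"},
]


def matches_query(ev):
    """Same predicate as the SIEM query on the page."""
    return (ev.get("process_name") == "5ire"
            and ev.get("event_type") in ("process_creation", "network_connection"))


def triage(events):
    """Keep only matched events that deviate from the assumed baseline."""
    findings = []
    for ev in filter(matches_query, events):
        if ev["event_type"] == "process_creation":
            child = ev.get("child_image", "")
            if child not in EXPECTED_CHILDREN:
                findings.append(("unexpected_child_process", child))
        else:
            host = ev.get("dest_host", "")
            if host not in EXPECTED_HOSTS:
                findings.append(("unexpected_outbound_connection",
                                 f"{host}:{ev.get('dest_port')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_EVENTS):
        print(kind, detail)
```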
