CVE-2025-66222

9.6 CRITICAL

📋 TL;DR

DeepChat versions 0.5.0 and earlier contain a stored XSS vulnerability in the Mermaid diagram renderer that allows attackers to execute arbitrary JavaScript. This can be escalated to remote code execution via the exposed Electron IPC bridge by registering malicious MCP servers. All users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • DeepChat
Versions: 0.5.0 and earlier
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with Mermaid diagram functionality enabled are vulnerable. Electron-based desktop applications are particularly at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via RCE, allowing an attacker to execute arbitrary code on the host system, potentially leading to data theft, lateral movement, or complete system takeover.

🟠 Likely Case

Stored XSS leading to session hijacking, credential theft, or limited data exfiltration from within the application context.

🟢 If Mitigated

XSS payloads are sanitized or blocked, preventing JavaScript execution and subsequent RCE escalation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (viewing malicious content) but the XSS-to-RCE chain is documented in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.5.1 or later

Vendor Advisory: https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-v8v5-c872-mf8r

Restart Required: Yes

Instructions:

1. Update DeepChat to version 0.5.1 or later.
2. Restart the application.
3. Verify the fix by checking the version number.

🔧 Temporary Workarounds

Disable Mermaid diagram functionality

all

Temporarily disable Mermaid diagram rendering to prevent XSS exploitation

Content Security Policy

all

Implement strict CSP headers to block inline script execution

🧯 If You Can't Patch

  • Isolate DeepChat instances on separate network segments with strict egress filtering
  • Implement application allowlisting and monitor for suspicious process creation

🔍 How to Verify

Check if Vulnerable:

Check DeepChat version in application settings or about dialog. Versions 0.5.0 or earlier are vulnerable.

Check Version:

Check application settings or run: deepchat --version (if available)

Verify Fix Applied:

Verify version is 0.5.1 or later. Test Mermaid diagram functionality with known safe diagrams.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Mermaid diagram content with JavaScript payloads
  • Suspicious IPC bridge activity
  • Unexpected MCP server registration

Network Indicators:

  • Outbound connections to unexpected MCP servers
  • Unusual process spawning from DeepChat

SIEM Query:

process_name:deepchat AND (event_type:process_creation OR event_type:network_connection)
