Cyber Resilience

CVE-2025-47777

CriticalPublic PoC

Published: 14 May 2025

Published
14 May 2025
Modified
22 January 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0222 84.9th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47777 is a critical-severity Improper Input Validation (CWE-20) vulnerability in 5Ire 5Ire. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 15.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.

Deeper analysis

5ire is a cross-platform desktop AI assistant and model context protocol client that is affected by a stored cross-site scripting vulnerability in versions prior to 0.11.1. The flaw stems from insufficient sanitization of chatbot responses, which can be escalated to remote code execution through unsafe Electron protocol handling and exposed APIs. The issue carries a CVSS score of 9.6 and is associated with CWE-20 and CWE-79.

An attacker can exploit the vulnerability by delivering malicious content through untrusted chatbots or externally pasted material, enabling arbitrary code execution on the victim's machine when the response is rendered. All users of affected 5ire clients are potentially impacted, with the attack requiring user interaction such as viewing the crafted response.

The project's GitHub security advisory and associated commit confirm that version 0.11.1 contains a fix. Linked references highlight Electron security guidance and prior research on URL-handling RCE vectors in similar applications, underscoring the need to apply the patch and follow recommended hardening practices for Electron-based clients.

The EPSS score remains low and unchanged at 0.0222 with no observed rise after disclosure.

EU & UK References

Vulnerability details

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE)…

more

via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: artificial intelligence, model context protocol

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stored XSS in 5ire Electron desktop app leads to RCE via unsafe protocol handling and exposed APIs when processing untrusted chatbot responses or pasted content, enabling Exploitation for Client Execution.

Affected Assets

5ire
5ire
≤ 0.11.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-20 CWE-79

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-79

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

addresses: CWE-79

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.

addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References