CVE-2025-47777
Published: 14 May 2025
Summary
CVE-2025-47777 is a critical-severity Improper Input Validation (CWE-20) vulnerability in the 5ire desktop AI assistant (vendor 5ire). Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 15.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.
Deeper analysis
5ire is a cross-platform desktop AI assistant and Model Context Protocol (MCP) client that is affected by a stored cross-site scripting vulnerability in versions prior to 0.11.1. The flaw stems from insufficient sanitization of chatbot responses, which can be escalated to remote code execution through unsafe Electron protocol handling and exposed Electron APIs. The issue carries a CVSS score of 9.6 and is associated with CWE-20 and CWE-79.
An attacker can exploit the vulnerability by delivering malicious content through untrusted chatbots or externally pasted material, enabling arbitrary code execution on the victim's machine when the response is rendered. All users of affected 5ire clients are potentially impacted, with the attack requiring user interaction such as viewing the crafted response.
The project's GitHub security advisory and associated commit confirm that version 0.11.1 contains a fix. Linked references highlight Electron security guidance and prior research on URL-handling RCE vectors in similar applications, underscoring the need to apply the patch and follow recommended hardening practices for Electron-based clients.
The EPSS score remains low and unchanged at 0.0222 with no observed rise after disclosure.
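The two defensive layers the advisory points at are (1) treating model output as untrusted text before it reaches the DOM and (2) restricting which link schemes a rendered response may carry, while keeping the renderer isolated from Node and privileged APIs. The following snippet is an added illustration of that pattern in a generic Electron chat client; it is not 5ire's code and not the 0.11.1 fix. The keys in `hardenedWebPreferences` are Electron's documented `BrowserWindow` options; the function names (`escapeHtml`, `safeLinkHref`, `renderAssistantMessage`) and the sample replies are constructed for this example. It runs under plain Node.js.

```javascript
// Added example: defensive rendering of untrusted chatbot output in an
// Electron chat client. Not 5ire's code; function names and sample messages
// are constructed for illustration. Runs under plain Node.js.

// Electron BrowserWindow webPreferences that limit what a script injected into
// the renderer can reach. These keys are Electron's documented options; the
// values are the hardened settings Electron's security guidance recommends.
const hardenedWebPreferences = {
  contextIsolation: true, // renderer scripts cannot touch preload/Node objects directly
  nodeIntegration: false, // no require()/process available in the renderer
  sandbox: true,          // run the renderer inside the Chromium OS-level sandbox
  webSecurity: true,      // keep same-origin policy enforcement on
};

// Encode the five characters that let text break out of an HTML text node or
// attribute value. Every piece of model output passes through this.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Allow-list link schemes: only absolute http(s) URLs survive. Anything else
// (javascript:, file:, custom app schemes, relative paths) yields null, so a
// crafted response cannot route a click into a privileged protocol handler.
function safeLinkHref(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // relative or malformed: reject
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Render a chatbot message to HTML. Markdown-style links [label](href) become
// anchors only when the href passes safeLinkHref; everything else is emitted
// as escaped text, so raw HTML in the model's reply is displayed, never parsed.
function renderAssistantMessage(text) {
  const LINK = /\[([^\]]*)\]\(([^)\s]*)\)/g;
  let html = '';
  let last = 0;
  for (const m of text.matchAll(LINK)) {
    html += escapeHtml(text.slice(last, m.index));
    const label = escapeHtml(m[1]);
    const href = safeLinkHref(m[2]);
    html += href
      ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>`
      : label; // disallowed scheme: keep the label, drop the link
    last = m.index + m[0].length;
  }
  html += escapeHtml(text.slice(last));
  return html;
}

// Constructed sample replies: a benign link, a raw HTML fragment, and a link
// pointing at a non-http custom scheme.
const sampleReplies = [
  'Docs are at [the guide](https://example.com/guide).',
  '<img src=x onerror=alert(1)>',
  'Open [this](myapp://do-something) locally.',
];

for (const reply of sampleReplies) {
  console.log(renderAssistantMessage(reply));
}
```

The escaping step is deliberately a plain text-to-HTML encoder rather than a hand-written HTML sanitizer: a chat client that needs rich formatting should render a markdown AST to known-safe elements or use a maintained sanitizer library, not try to filter tags itself. The same scheme allow-list belongs in the main process as well, in Electron's `setWindowOpenHandler` and the `will-navigate` event, so that a link which slips past the renderer still cannot reach a custom or file protocol handler.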
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-28123
Vulnerability details
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.
- CWE(s): CWE-20 (Improper Input Validation), CWE-79 (Cross-site Scripting)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: artificial intelligence, model context protocol
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploitation for Client Execution (T1203)
Why these techniques?
Stored XSS in the 5ire Electron desktop app leads to RCE via unsafe protocol handling and exposed APIs when processing untrusted chatbot responses or pasted content, enabling Exploitation for Client Execution.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Directly implements checks on information inputs to reject invalid data before processing.
- Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
- Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
- Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
- Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
- Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.