CVE-2025-55733
Published: 19 August 2025
Summary
CVE-2025-55733 is a critical-severity Code Injection (CWE-94) vulnerability in Thinkinai Deepchat. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 34.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-55733 is a one-click remote code execution vulnerability (CWE-94: Code Injection) in DeepChat, a smart assistant application that connects powerful AI to users' personal environments. The issue affects DeepChat versions prior to 0.3.1 and stems from insecure handling of custom deepchat: URLs by the application's URL scheme handler.
Attackers can exploit this vulnerability without privileges by embedding a specially crafted deepchat: URL on any website they control. When a victim visits the site or interacts with the link, their browser triggers the DeepChat app's custom URL handler, launching the application and processing the malicious URL, which leads to arbitrary remote code execution on the victim's machine. The CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) reflects its high severity, requiring only network access and user interaction.
The vulnerability is fixed in DeepChat version 0.3.1, as detailed in the project's GitHub security advisory (GHSA-hqr4-4gfc-5p2j) and the patching commit (a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2). Users should update to 0.3.1 or later to mitigate the risk.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25237
Vulnerability details
DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including…
more
a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote code execution in the DeepChat client application via exploitation of its custom deepchat: URL handler when triggered by a malicious link or embedded URL, directly mapping to Exploitation for Client Execution (T1203).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of the specific RCE flaw in DeepChat prior to version 0.3.1 through patching to eliminate the insecure URL handling.
Mandates validation of untrusted inputs at the DeepChat application's custom deepchat: URL handler to prevent code injection from malicious URLs.
Enables vulnerability scanning to identify the presence of vulnerable DeepChat installations (CVE-2025-55733) for prompt remediation.