Cyber Resilience

CVE-2025-55733

CriticalPublic PoCRCE

Published: 19 August 2025

Published
19 August 2025
Modified
17 September 2025
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0047 65.1th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55733 is a critical-severity Code Injection (CWE-94) vulnerability in Thinkinai Deepchat. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 34.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-55733 is a one-click remote code execution vulnerability (CWE-94: Code Injection) in DeepChat, a smart assistant application that connects powerful AI to users' personal environments. The issue affects DeepChat versions prior to 0.3.1 and stems from insecure handling of custom deepchat: URLs by the application's URL scheme handler.

Attackers can exploit this vulnerability without privileges by embedding a specially crafted deepchat: URL on any website they control. When a victim visits the site or interacts with the link, their browser triggers the DeepChat app's custom URL handler, launching the application and processing the malicious URL, which leads to arbitrary remote code execution on the victim's machine. The CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) reflects its high severity, requiring only network access and user interaction.

The vulnerability is fixed in DeepChat version 0.3.1, as detailed in the project's GitHub security advisory (GHSA-hqr4-4gfc-5p2j) and the patching commit (a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2). Users should update to 0.3.1 or later to mitigate the risk.

EU & UK References

Vulnerability details

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including…

more

a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability enables remote code execution in the DeepChat client application via exploitation of its custom deepchat: URL handler when triggered by a malicious link or embedded URL, directly mapping to Exploitation for Client Execution (T1203).

CVEs Like This One

CVE-2025-67744Same product: Thinkinai Deepchat
CVE-2025-58768Same product: Thinkinai Deepchat
CVE-2025-66222Same product: Thinkinai Deepchat
CVE-2025-66481Same product: Thinkinai Deepchat
CVE-2025-54063Shared CWE-94
CVE-2026-0500Shared CWE-94
CVE-2025-27678Shared CWE-94
CVE-2024-56448Shared CWE-94
CVE-2026-21853Shared CWE-94
CVE-2025-61593Shared CWE-94

Affected Assets

thinkinai
deepchat
0.3.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the specific RCE flaw in DeepChat prior to version 0.3.1 through patching to eliminate the insecure URL handling.

prevent

Mandates validation of untrusted inputs at the DeepChat application's custom deepchat: URL handler to prevent code injection from malicious URLs.

detectrespond

Enables vulnerability scanning to identify the presence of vulnerable DeepChat installations (CVE-2025-55733) for prompt remediation.

References