Cyber Posture

CVE-2025-55733

Critical · Public PoC · RCE

Published: 19 August 2025
Modified: 17 September 2025
KEV Added: not listed
Patch: fixed in 0.3.1
CVSS Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0047 (64.8th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-55733 is a critical-severity Code Injection (CWE-94) vulnerability in Thinkinai Deepchat. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 35.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants and falls in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: SI-2 (Flaw Remediation). Requires timely identification, reporting, and correction of the specific RCE flaw in DeepChat prior to version 0.3.1 through patching to eliminate the insecure URL handling.

prevent: SI-10 (Information Input Validation). Mandates validation of untrusted inputs at the DeepChat application's custom deepchat: URL handler to prevent code injection from malicious URLs.

detect/respond: Enables vulnerability scanning to identify the presence of vulnerable DeepChat installations (CVE-2025-55733) for prompt remediation.

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability enables remote code execution in the DeepChat client application via exploitation of its custom deepchat: URL handler when triggered by a malicious link or embedded URL, directly mapping to Exploitation for Client Execution (T1203).

NVD Description

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app's custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim's machine. This vulnerability is fixed in 0.3.1.

Deeper analysis (AI)

CVE-2025-55733 is a one-click remote code execution vulnerability (CWE-94: Code Injection) in DeepChat, a smart assistant application that connects powerful AI to users' personal environments. The issue affects DeepChat versions prior to 0.3.1 and stems from insecure handling of custom deepchat: URLs by the application's URL scheme handler.

Attackers can exploit this vulnerability without privileges by embedding a specially crafted deepchat: URL on any website they control. When a victim visits the site or interacts with the link, their browser triggers the DeepChat app's custom URL handler, launching the application and processing the malicious URL, which leads to arbitrary remote code execution on the victim's machine. The CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) reflects its high severity, requiring only network access and user interaction.

The vulnerability is fixed in DeepChat version 0.3.1, as detailed in the project's GitHub security advisory (GHSA-hqr4-4gfc-5p2j) and the patching commit (a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2). Users should update to 0.3.1 or later to mitigate the risk.
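The SI-10 control above asks for validation of everything that arrives through the custom deepchat: URL handler. The following is an added illustration, not DeepChat's own code: an allowlist-based validator for a hypothetical deepchat: scheme, in which the route names (`open-chat`, `new-chat`), parameter names and length limits are assumptions chosen for the example. The handler acts only on the structured result, never on the raw URL string.

```javascript
// Added example (not DeepChat's code): allowlist validation for a custom
// "deepchat:" URL scheme handler, illustrating NIST SI-10 input validation.
// Route names, parameter names and limits are assumptions for illustration.

// Hypothetical routes the handler serves. Every accepted parameter has its
// own value validator; any route or parameter not listed here is rejected.
const ALLOWED_ROUTES = {
  "open-chat": { id: (v) => /^[0-9a-f]{8,32}$/i.test(v) },
  "new-chat": { title: (v) => v.length <= 120 && !/[\u0000-\u001f]/.test(v) },
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns { ok: true, route, params } for an acceptable URL, otherwise
// { ok: false, reason }. Uses the WHATWG URL parser that Node ships globally.
function validateDeepchatUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) {
    return { ok: false, reason: "not a string or too long" };
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "deepchat:") return { ok: false, reason: "wrong scheme" };
  // For "deepchat://open-chat?id=1" the parser yields host "open-chat", which
  // is treated as the route. Credentials, paths and fragments carry no
  // meaning for this scheme, so their presence is itself a reason to refuse.
  if (url.username || url.password) return { ok: false, reason: "credentials" };
  if (url.pathname !== "" && url.pathname !== "/") return { ok: false, reason: "path not allowed" };
  if (url.hash !== "") return { ok: false, reason: "fragment not allowed" };
  if (!hasOwn(ALLOWED_ROUTES, url.host)) return { ok: false, reason: `unknown route ${url.host}` };
  const spec = ALLOWED_ROUTES[url.host];
  const params = {};
  for (const name of new Set(url.searchParams.keys())) {
    if (!hasOwn(spec, name)) return { ok: false, reason: `unexpected parameter ${name}` };
    const values = url.searchParams.getAll(name);
    // Duplicate keys are refused rather than silently taking the first/last.
    if (values.length !== 1 || !spec[name](values[0])) {
      return { ok: false, reason: `bad value for ${name}` };
    }
    params[name] = values[0];
  }
  return { ok: true, route: url.host, params };
}
```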

Details

CWE(s): CWE-94 (Code Injection)

Affected Products: thinkinai deepchat 0.3.0

AI Security Analysis (AI)

AI Category: Enterprise AI Assistants
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: DeepChat is explicitly described as a 'smart assistant that connects powerful AI to your personal world,' fitting the Enterprise AI Assistants category as an AI-powered application.

CVEs Like This One

CVE-2025-67744: same product (Thinkinai Deepchat)
CVE-2025-66222: same product (Thinkinai Deepchat)
CVE-2025-58768: same product (Thinkinai Deepchat)
CVE-2025-66481: same product (Thinkinai Deepchat)
CVE-2025-54063: shared CWE-94
CVE-2026-0500: shared CWE-94
CVE-2026-21853: shared CWE-94
CVE-2024-56448: shared CWE-94
CVE-2025-25467: shared CWE-94
CVE-2025-46059: shared CWE-94