Cyber Resilience

CVE-2025-67744

CriticalPublic PoCRCE

Published: 16 December 2025

Published
16 December 2025
Modified
02 January 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0026 49.9th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67744 is a critical-severity Code Injection (CWE-94) vulnerability in Thinkinai Deepchat. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 49.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-39 (Process Isolation).

Deeper analysis

CVE-2025-67744 is a high-severity vulnerability (CVSS 9.6) affecting DeepChat, an open-source artificial intelligence agent platform that unifies models, tools, and agents, in versions prior to 0.5.3. The flaw resides in the Mermaid diagram rendering component, which permits arbitrary JavaScript execution due to unsafe Mermaid configuration. This XSS issue escalates to full remote code execution (RCE) because of an exposed Electron IPC renderer interface accessible from the DOM, enabling attackers to run arbitrary system commands. It is classified under CWE-94 (Code Injection).

An attacker can exploit this vulnerability over the network with low complexity and no privileges required, though user interaction is needed to render a malicious Mermaid diagram within DeepChat. Successful exploitation changes the scope and grants high confidentiality, integrity, and availability impact, culminating in arbitrary command execution on the victim's system.

The GitHub security advisory (GHSA-w8w8-82pv-5rg9) and patch commit (b179d97921af04a0ae1ae68757338dd8b8cbefe7) confirm that upgrading to DeepChat version 0.5.3 resolves the issues by addressing the unsafe Mermaid configuration and exposed IPC interface.

This vulnerability is particularly relevant to AI/ML practitioners using DeepChat for agent development, as it highlights risks in rendering untrusted diagram content within Electron-based desktop applications. No real-world exploitation has been reported as of the CVE publication on 2025-12-16.

EU & UK References

Vulnerability details

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron…

more

IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: artificial intelligence

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability enables arbitrary JavaScript execution via Mermaid diagram rendering in an Electron application, escalating XSS to full RCE through exposed IPC, directly facilitating Exploitation for Client Execution.

CVEs Like This One

CVE-2025-55733Same product: Thinkinai Deepchat
CVE-2025-66222Same product: Thinkinai Deepchat
CVE-2025-66481Same product: Thinkinai Deepchat
CVE-2025-58768Same product: Thinkinai Deepchat
CVE-2025-46059Shared CWE-94
CVE-2026-0500Shared CWE-94
CVE-2025-27678Shared CWE-94
CVE-2024-56448Shared CWE-94
CVE-2026-21853Shared CWE-94
CVE-2026-22793Shared CWE-94

Affected Assets

thinkinai
deepchat
≤ 0.5.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces secure baseline configuration settings for the Mermaid diagram renderer to disable arbitrary JavaScript execution and for Electron IPC to prevent DOM exposure.

prevent

Provides process isolation between the untrusted renderer (DOM) and privileged Electron IPC interface, blocking XSS escalation to RCE.

prevent

Validates inputs to the Mermaid rendering component to reject malicious diagrams containing arbitrary JavaScript code injection.

References