CVE-2025-68669
Published: 23 December 2025
Summary
CVE-2025-68669 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in the 5ire desktop AI assistant (vendor 5Ire). Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 27.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI-generated]
Enforcing secure configuration settings for the markdown-it-mermaid plugin by setting securityLevel to 'strict' directly prevents the rendering of arbitrary HTML tags within Mermaid diagrams.
Validating and sanitizing untrusted Markdown inputs, especially Mermaid content, blocks malicious HTML injection that enables RCE.
Monitoring for and remediating flaws like CVE-2025-68669 through patches or upgrades prevents exploitation of the unpatched RCE vulnerability.
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
The RCE vulnerability in the markdown-it-mermaid plugin with the 'loose' security level allows execution of arbitrary code via malicious HTML tags in Mermaid diagrams, enabling Exploitation for Client Execution (T1203).
NVD Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.
Deeper analysis [AI-generated]
CVE-2025-68669 is a remote code execution (RCE) vulnerability affecting 5ire, a cross-platform desktop artificial intelligence assistant and model context protocol client. The issue resides in the useMarkdown.ts file in versions 0.15.2 and prior, where the markdown-it-mermaid plugin is initialized with securityLevel set to 'loose'. This configuration allows the rendering of HTML tags within Mermaid diagram nodes, enabling arbitrary code execution. The vulnerability is classified under CWE-79 (Cross-Site Scripting) with a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
An attacker can exploit this vulnerability remotely and without privileges by tricking a user into rendering malicious Markdown content that contains a specially crafted Mermaid diagram. User interaction is required, such as opening or processing the Markdown in the 5ire application. Successful exploitation has high confidentiality, integrity, and availability impact with changed scope, potentially leading to full RCE on the victim's desktop system.
The GitHub security advisory (GHSA-5hpf-p8fw-j349) confirms the issue has not been patched as of publication on 2025-12-23. References point to the vulnerable code in useMarkdown.ts at line 156, a potential fix in commit 1fbe40d0bfbfe215370d45b9af856c286d67d3f2, and the v0.15.2 release, but no official patch is available in the affected versions.
Because 5ire is a desktop AI assistant, this vulnerability is relevant to AI/ML workflows in which users process Markdown from untrusted sources, such as shared model contexts or documentation. No real-world exploitation has been reported at the time of publication.
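The input-validation mitigation (SI-10) described above, as an added example that is not 5ire's code: a pre-render check in JavaScript that flags HTML tags inside Mermaid fenced blocks of untrusted Markdown. The function names and the sample document are constructed for illustration; the check complements, rather than replaces, rendering Mermaid with securityLevel 'strict'.

```javascript
// Added example, not 5ire's code: a pre-render check that flags HTML tags
// inside Mermaid fenced blocks in untrusted Markdown (the SI-10 input
// validation mitigation). It complements, not replaces, rendering Mermaid
// with securityLevel 'strict'.

// Matches ```mermaid ... ``` fenced blocks; the language tag is case-insensitive.
const MERMAID_FENCE = /```mermaid[^\n]*\n([\s\S]*?)```/gi;
// Anything shaped like an HTML tag: <img ...>, <script>, </b>. Deliberately
// conservative, so it also flags Mermaid's own <br/> line breaks.
const HTML_TAG = /<\/?[a-z][^>]*>/gi;

// Returns one finding per offending block: the line the fence starts on
// and the tags seen inside it. HTML outside Mermaid blocks is out of scope
// here and left to the Markdown renderer's own HTML policy.
function findHtmlInMermaid(markdown) {
  const findings = [];
  let m;
  while ((m = MERMAID_FENCE.exec(markdown)) !== null) {
    const line = markdown.slice(0, m.index).split('\n').length;
    const tags = m[1].match(HTML_TAG) || [];
    if (tags.length > 0) findings.push({ line, tags });
  }
  return findings;
}

// Gate for the renderer: true only when no Mermaid block carries HTML.
function safeToRender(markdown) {
  return findHtmlInMermaid(markdown).length === 0;
}

// Constructed sample: one benign diagram and one with HTML in a node label.
const SAMPLE = [
  '# Notes',
  '```mermaid',
  'graph TD',
  '  A[Start] --> B[Done]',
  '```',
  'Some text between diagrams.',
  '```mermaid',
  'graph LR',
  '  X["<b>bold</b> label"] --> Y',
  '```',
].join('\n');

console.log(findHtmlInMermaid(SAMPLE)); // [{ line: 7, tags: ['<b>', '</b>'] }]
console.log(safeToRender(SAMPLE));      // false
```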
AI Security Analysis [AI-generated]
- AI Category: Enterprise AI Assistants
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: 5ire is explicitly described as a cross-platform desktop artificial intelligence assistant and model context protocol client, directly matching the Enterprise AI Assistants category.