
CVE-2025-58768: CWE-94: Improper Control of Generation of Code ('Code Injection') in ThinkInAIXYZ deepchat

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-58768, cve, cve-2025-58768, cwe-94
Published: Tue Sep 09 2025 (09/09/2025, 20:19:52 UTC)
Source: CVE Database V5
Vendor/Project: ThinkInAIXYZ
Product: deepchat

Description

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain, leading to command execution. This vulnerability is primarily caused by a failure to fully address the existing XSS issue in the project, leading to another exploit chain. The exploit chain is consistent with the report GHSA-hqr4-4gfc-5p2j, executing arbitrary JavaScript code via XSS and arbitrary commands via exposed IPC. Version 0.3.5 contains an updated fix.

AI-Powered Analysis

Last updated: 09/09/2025, 20:23:26 UTC

Technical Analysis

CVE-2025-58768 is a critical vulnerability affecting versions of the ThinkInAIXYZ deepchat product prior to 0.3.5. DeepChat is an AI-powered smart assistant that includes a Mermaid chart rendering component. The vulnerability arises from the unsafe use of the DOM property `innerHTML` to directly insert user-supplied content into the web page. This practice leads to a code injection flaw classified under CWE-94, where malicious input can be interpreted as executable code. Specifically, the vulnerability stems from an incomplete remediation of a prior cross-site scripting (XSS) issue, allowing attackers to execute arbitrary JavaScript code via crafted Mermaid chart content. The exploit chain extends beyond XSS, leveraging exposed inter-process communication (IPC) mechanisms to escalate from script execution to arbitrary command execution on the host system. This means an attacker can remotely execute system-level commands without authentication, with only user interaction required to trigger the malicious Mermaid rendering. The vulnerability has a CVSS v3.1 base score of 9.7, indicating critical severity, with network attack vector, low attack complexity, no privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability. The fix was introduced in version 0.3.5, which properly sanitizes or avoids unsafe DOM insertion methods. No known exploits are currently reported in the wild, but the high severity and ease of exploitation make this a significant threat to users of affected versions.

Potential Impact

For European organizations using DeepChat versions prior to 0.3.5, this vulnerability poses a severe risk. Successful exploitation can lead to full system compromise, including unauthorized access to sensitive data, disruption of services, and potential lateral movement within networks. Given DeepChat's role as an AI assistant, it may be integrated into workflows handling confidential or regulated information, increasing the risk of data breaches and compliance violations under GDPR. The ability to execute arbitrary commands remotely without authentication amplifies the threat, potentially allowing attackers to deploy ransomware, exfiltrate data, or establish persistent footholds. The requirement for user interaction (e.g., viewing or loading malicious Mermaid charts) means phishing or social engineering could be vectors for exploitation. The criticality of this vulnerability necessitates immediate attention to prevent operational disruption and reputational damage within European enterprises, especially those in sectors like finance, healthcare, and government where AI assistants may be deployed.

Mitigation Recommendations

European organizations should immediately audit their DeepChat deployments to identify versions prior to 0.3.5. The primary mitigation is to upgrade DeepChat to version 0.3.5 or later, which contains the official fix. Until upgrades can be applied, organizations should implement strict content security policies (CSP) to restrict script execution and prevent unsafe DOM manipulations. Additionally, disable or restrict the use of Mermaid chart rendering if possible, or sanitize all user-generated content before rendering. Network-level controls such as web application firewalls (WAFs) can be tuned to detect and block suspicious payloads targeting the Mermaid component. User training to recognize phishing attempts that may deliver malicious Mermaid content is also critical. Monitoring IPC channels for anomalous activity can help detect exploitation attempts. Finally, organizations should maintain robust endpoint detection and response (EDR) solutions to identify and contain any post-exploitation behaviors.
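Added example, not DeepChat or vendor code: a Node.js check of a Content-Security-Policy string for the gaps that would let content inserted through an `innerHTML` sink run script, which is the first stage of the chain described under Technical Analysis and the CSP control recommended above. The function names, finding labels and sample policies are constructed for illustration.

```javascript
// Added example (not DeepChat code): flag CSP gaps that would let markup
// injected through an innerHTML sink execute script. Policies are constructed.
const KEYWORD_INLINE = "'unsafe-inline'";

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
function allowsInline(sources) {
  const lower = sources.map(s => s.toLowerCase());
  return lower.includes(KEYWORD_INLINE) &&
    !lower.includes("'strict-dynamic'") &&
    !lower.some(s => /^'(nonce|sha256|sha384|sha512)-/.test(s));
}

function auditCsp(policy) {
  const d = parseCsp(policy);
  const base = d.get('script-src') ?? d.get('default-src');
  if (!base) return ['no-script-restriction'];
  const findings = [];
  // Inline <script> elements and inline event-handler attributes are governed by
  // script-src-elem / script-src-attr, each falling back to script-src.
  if (allowsInline(d.get('script-src-elem') ?? base)) findings.push('inline-script-elements');
  if (allowsInline(d.get('script-src-attr') ?? base)) findings.push('inline-event-handlers');
  const lower = base.map(s => s.toLowerCase());
  if (lower.includes("'unsafe-eval'")) findings.push('eval-allowed');
  // With 'strict-dynamic', host and scheme sources are ignored, so skip this check.
  if (!lower.includes("'strict-dynamic'") &&
      lower.some(s => ['*', 'http:', 'https:', 'data:', 'blob:'].includes(s))) {
    findings.push('broad-script-source');
  }
  return findings;
}

// Constructed sample policies: a permissive one and a restrictive one.
const weak = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";
const strict = "default-src 'none'; script-src 'self'; style-src 'self'; object-src 'none'";
console.log(auditCsp(weak));
console.log(auditCsp(strict));
```

An empty result covers only the script-execution stage; it says nothing about the exposed IPC, so upgrading to 0.3.5 remains the primary fix.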


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-04T19:18:09.501Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c08cadbf8644e23a9d2227

Added to database: 9/9/2025, 8:23:09 PM

Last enriched: 9/9/2025, 8:23:26 PM

Last updated: 9/10/2025, 12:01:00 AM
