CVE-2025-66222 is a critical security vulnerability identified in the DeepChat smart assistant software developed by ThinkInAIXYZ, affecting versions earlier than 0.5.0. The root cause is a stored Cross-Site Scripting (XSS) flaw within the Mermaid diagram renderer component, which is used to generate visual diagrams from text descriptions. This flaw allows attackers to inject and persist malicious JavaScript code that executes within the context of the DeepChat application. The vulnerability is exacerbated by the exposed Electron IPC (Inter-Process Communication) bridge, which facilitates communication between the renderer and main processes in the Electron framework. By exploiting this IPC bridge, an attacker can escalate the XSS to Remote Code Execution (RCE) by registering and launching a malicious Model Context Protocol (MCP) server, effectively gaining control over the host system. The CVSS 3.1 base score of 9.7 reflects the vulnerability’s critical nature, with network attack vector, low attack complexity, no privileges required, but requiring user interaction. The scope is changed, indicating that exploitation affects resources beyond the vulnerable component. Confidentiality, integrity, and availability impacts are all rated high, meaning attackers can steal sensitive data, alter or destroy information, and disrupt service availability. No patches are currently listed, and no known exploits in the wild have been reported yet. However, the potential for exploitation is significant given the nature of the vulnerability and the widespread use of Electron-based applications in AI assistants like DeepChat.

For European organizations, the impact of CVE-2025-66222 is substantial. DeepChat, as an AI-powered assistant, may be integrated into enterprise workflows, customer service platforms, or internal knowledge management systems. Exploitation could lead to unauthorized execution of arbitrary code on user machines or servers, resulting in data breaches, theft of intellectual property, or disruption of critical business processes. The ability to escalate from XSS to RCE means attackers can bypass typical sandboxing and containment mechanisms, potentially gaining persistent footholds in corporate networks. This poses risks to confidentiality of sensitive data, integrity of AI-generated outputs, and availability of services relying on DeepChat. Additionally, the vulnerability could be leveraged as a pivot point for lateral movement within networks. The lack of patches at present increases exposure, and organizations deploying DeepChat in regulated sectors such as finance, healthcare, or government may face compliance and reputational consequences if exploited.

1. Immediately audit all deployments of DeepChat and identify versions in use; prioritize upgrading to versions beyond 0.5.0 once patches are released. 2. Until official patches are available, disable or restrict the Mermaid diagram rendering feature to prevent injection of malicious scripts. 3. Harden Electron IPC communication by implementing strict validation and sanitization of messages, and consider disabling or sandboxing the IPC bridge if feasible. 4. Employ Content Security Policy (CSP) headers or equivalent controls to limit execution of unauthorized scripts within the application context. 5. Monitor application logs and network traffic for unusual MCP server registrations or unexpected IPC activity. 6. Educate users about the risks of interacting with untrusted content within DeepChat to reduce the likelihood of user interaction-based exploitation. 7. Implement network segmentation and endpoint protection to contain potential compromises. 8. Engage with ThinkInAIXYZ for timely updates and security advisories. 9. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect exploitation attempts in real time.