CVE-2025-66481: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in ThinkInAIXYZ deepchat
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attributes combined with HTML entity encoding. Remote Code Execution is possible on the victim's machine via the electron.ipcRenderer interface, bypassing the regex filter intended to strip dangerous attributes. There is no fix at time of publication.
AI Analysis
Technical Summary
CVE-2025-66481 is a critical vulnerability classified under CWE-80 (Improper Neutralization of Script-Related HTML Tags), CWE-79 (Improper Neutralization of Input During Web Page Generation), and CWE-94 (Improper Control of Generation of Code). It affects DeepChat, an open-source AI chat platform supporting cloud models and large language models (LLMs), specifically versions 0.5.1 and earlier. The vulnerability stems from improper sanitization of Mermaid content (Mermaid is a tool for generating diagrams and flowcharts from a markdown-like syntax). The recent patch to MermaidArtifact.vue does not fully mitigate the risk: its regex filter, which is meant to strip dangerous attributes, can be bypassed with unquoted HTML attributes combined with HTML entity encoding. The bypass allows injection of malicious scripts, resulting in cross-site scripting (XSS). Because DeepChat is built on Electron, the XSS escalates to remote code execution (RCE) on the victim's machine through the electron.ipcRenderer interface, which carries communication between the renderer process and the main process. The vulnerability is remotely exploitable without authentication but requires user interaction (e.g., viewing malicious content). The CVSS v3.1 score of 9.7 reflects a network attack vector, low attack complexity, no privileges required, user interaction required, and a scope change due to potential system-level compromise. No official patch or fix is available at the time of publication, and no exploits have been reported in the wild yet. The vulnerability poses a significant risk to any organization deploying DeepChat, especially those that render Mermaid diagrams in chat content.
Potential Impact
The impact on European organizations is substantial due to the critical severity of this vulnerability. Exploitation can lead to full compromise of affected systems, including unauthorized access to sensitive data, manipulation of chat content, and execution of arbitrary code on user machines. This threatens confidentiality, integrity, and availability of systems and data. Organizations using DeepChat for internal or customer-facing AI chat services risk data breaches, service disruption, and potential lateral movement within networks. The RCE capability increases the risk of malware deployment, ransomware, or espionage activities. Given the growing adoption of AI chat platforms in sectors such as finance, healthcare, and public administration across Europe, the vulnerability could have widespread operational and reputational consequences. Additionally, the lack of an official patch increases exposure time, demanding immediate mitigation efforts. The vulnerability’s exploitation could also facilitate supply chain attacks if DeepChat is embedded in larger software ecosystems.
Mitigation Recommendations
1. Immediately assess the use of DeepChat versions 0.5.1 or below within the organization and identify any deployment involving Mermaid content rendering.
2. Disable or restrict the rendering of Mermaid diagrams or any untrusted user-generated content until a secure patch is available.
3. Implement custom input sanitization and validation layers that specifically address unquoted HTML attributes and HTML entity encoding to prevent bypasses of existing filters.
4. Restrict or disable the electron.ipcRenderer interface where possible, or implement strict communication whitelisting to limit exposure to RCE.
5. Educate users about the risks of interacting with untrusted chat content and enforce strict content security policies (CSP) to reduce script execution risks.
6. Monitor network and endpoint logs for unusual activity indicative of exploitation attempts, including suspicious IPC calls or script injections.
7. Engage with the DeepChat community and vendor for updates and patches, and plan for rapid deployment once a fix is released.
8. Consider isolating DeepChat deployments in segmented network environments to limit potential lateral movement.
9. Employ endpoint detection and response (EDR) tools to detect and mitigate post-exploitation behaviors.
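Recommendation 4 above, sketched as an added example (not DeepChat's code): a preload-style bridge that forwards only allowlisted IPC channels with validated arguments and records every rejection, which also feeds the monitoring in recommendation 6. The channel names, validators and the fake `ipc` object are hypothetical stand-ins so the code runs under plain Node.

```javascript
// Hypothetical allowlist: channel name -> argument validator.
// These are NOT DeepChat's real channels; replace with the app's own.
const CHANNELS = Object.freeze({
  'chat:send': (args) =>
    args.length === 1 && typeof args[0] === 'string' && args[0].length <= 8192,
  'settings:get': (args) =>
    args.length === 1 && ['theme', 'language'].includes(args[0]),
});

// Returns the only IPC surface the renderer should see. `ipc` is any object
// with invoke(channel, ...args), such as Electron's ipcRenderer in a preload.
function makeBridge(ipc, onReject = () => {}) {
  return Object.freeze({
    invoke(channel, ...args) {
      // Own-property lookup so '__proto__' or 'constructor' never match.
      const known = typeof channel === 'string' &&
        Object.prototype.hasOwnProperty.call(CHANNELS, channel);
      if (!known) {
        onReject({ reason: 'channel-not-allowed', channel: String(channel) });
        throw new Error('IPC channel not allowed');
      }
      if (!CHANNELS[channel](args)) {
        onReject({ reason: 'bad-arguments', channel });
        throw new Error('IPC arguments rejected');
      }
      return ipc.invoke(channel, ...args);
    },
  });
}

// Constructed stand-in for ipcRenderer so the example runs offline.
function demo() {
  const forwarded = [];
  const fakeIpc = {
    invoke: (channel, ...args) => {
      forwarded.push([channel, ...args]);
      return Promise.resolve('ok');
    },
  };
  const rejected = [];
  const bridge = makeBridge(fakeIpc, (event) => rejected.push(event));
  bridge.invoke('chat:send', 'hello');
  const attempts = [['not:listed', 'x'], ['__proto__'], ['settings:get', 'apiKey'], ['chat:send', { length: 1 }]];
  for (const attempt of attempts) {
    try { bridge.invoke(...attempt); } catch (_) { /* rejected by design */ }
  }
  return { forwarded, rejected };
}
```

In a real preload this object would be exposed through `contextBridge.exposeInMainWorld` with `contextIsolation` enabled and `nodeIntegration` disabled, and the main-process handlers should repeat the same validation.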
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-02T17:09:52.016Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693771bc9bbcd7dc91e5c88f
Added to database: 12/9/2025, 12:47:56 AM
Last enriched: 12/9/2025, 12:49:21 AM
Last updated: 12/11/2025, 4:00:38 AM