
CVE-2025-66562: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in AI-QL tuui

Severity: High
Tags: Vulnerability, CVE-2025-66562, CWE-79, CWE-94
Published: Fri Dec 05 2025 (12/05/2025, 18:03:55 UTC)
Source: CVE Database V5
Vendor/Project: AI-QL
Product: tuui

Description

CVE-2025-66562 is a high-severity vulnerability in AI-QL's Tuui desktop client in versions prior to 1.3.4. It stems from improper neutralization of input during web page generation, specifically a Cross-Site Scripting (XSS) flaw in the Markdown rendering component that allows execution of arbitrary JavaScript within ECharts code blocks. This XSS can be leveraged remotely to execute system commands via an exposed IPC interface that spawns processes, effectively enabling remote code execution when a victim views a malicious Markdown message. The vulnerability requires user interaction (viewing the malicious content) and has a high attack complexity. No known exploits are currently in the wild, and the issue is fixed in version 1.3.4. European organizations using Tuui should urgently update to mitigate risk, as the vulnerability could lead to full system compromise.

AI-Powered Analysis

Last updated: 12/12/2025, 19:15:48 UTC

Technical Analysis

CVE-2025-66562 is a critical security vulnerability identified in AI-QL's Tuui desktop MCP client, a tool designed for unitary utility integration. The flaw exists in versions prior to 1.3.4 and is rooted in improper neutralization of input during web page generation, classified under CWE-79 (Cross-Site Scripting) and CWE-94 (Code Injection). Specifically, the Markdown rendering component of Tuui fails to safely sanitize JavaScript embedded within ECharts code blocks, allowing an attacker to inject and execute arbitrary JavaScript code.

This XSS vulnerability is particularly dangerous because Tuui exposes an inter-process communication (IPC) interface that can spawn system processes. By chaining the XSS with this IPC interface, an attacker can escalate from executing JavaScript in the application context to executing arbitrary system commands on the victim's machine. The attack requires the victim to view a maliciously crafted Markdown message, so user interaction is necessary. The vulnerability has a CVSS 4.0 score of 8.9, indicating high severity, with a network attack vector, high attack complexity, and no privileges required. It impacts confidentiality, integrity, and availability by allowing remote code execution.

Although no exploits are currently reported in the wild, the potential for exploitation is significant because the vulnerability is triggered simply by viewing a message. The issue is resolved in Tuui version 1.3.4, and users are strongly advised to upgrade. This vulnerability poses a substantial risk to environments where Tuui is deployed, especially in enterprise and critical infrastructure settings.

Potential Impact

For European organizations, this vulnerability presents a significant risk of remote code execution leading to full system compromise. Attackers could leverage the flaw to execute arbitrary commands, potentially leading to data theft, disruption of services, or lateral movement within networks. Given Tuui's role as a utility integration client, compromise could affect multiple integrated systems, amplifying the impact. Confidentiality is at risk due to unauthorized access to sensitive data, integrity is compromised by potential unauthorized modifications, and availability could be disrupted by malicious commands. The requirement for user interaction (viewing a malicious message) somewhat limits automated mass exploitation but does not eliminate targeted attacks, especially spear-phishing campaigns. The high attack complexity and need for user interaction mean that well-resourced threat actors, including nation-state groups, could exploit this vulnerability for espionage or sabotage. The absence of known exploits in the wild suggests that proactive patching can prevent exploitation. However, delayed updates increase exposure risk, particularly in sectors such as finance, government, and critical infrastructure within Europe.

Mitigation Recommendations

1. Immediately upgrade all Tuui clients to version 1.3.4 or later to apply the official patch fixing the vulnerability.
2. Implement strict content filtering and sanitization on all inbound Markdown messages to prevent malicious JavaScript injection, especially in environments where patching may be delayed.
3. Restrict or disable the IPC interface used for spawning processes if feasible, or apply strict access controls to limit its exposure.
4. Educate users about the risks of opening untrusted Markdown messages and implement email and messaging gateway protections to detect and block malicious content.
5. Employ endpoint detection and response (EDR) solutions to monitor for unusual process spawning or command execution originating from Tuui processes.
6. Conduct regular vulnerability scanning and penetration testing focused on client-side applications like Tuui to identify similar issues proactively.
7. Maintain an incident response plan that includes procedures for containment and remediation of client-side remote code execution incidents.
8. Segment networks to limit the potential for lateral movement if a client is compromised.

These measures, combined with patching, will significantly reduce the risk posed by this vulnerability.
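A pre-filter of the kind item 2 describes, added here as an example and not code from the Tuui project or this advisory. It assumes the renderer hands a fenced code block to the chart engine when its info string begins with `echarts` (the advisory does not give the exact syntax) and downgrades such blocks to plain `text` fences before rendering, so the content is displayed but never evaluated.

```javascript
// Added defensive pre-filter for inbound Markdown; not Tuui project code.
// Assumption (the advisory does not state the syntax): a fenced block whose
// info string starts with "echarts" is evaluated by the chart renderer.
// Rewriting that info string to "text" keeps the block visible but inert.
// Fences follow CommonMark: 3+ backticks or tildes, indented at most 3 spaces,
// closed by a bare fence of the same character that is at least as long.
const FENCE_RE = /^ {0,3}(`{3,}|~{3,})(.*)$/;

function neutralizeEchartsBlocks(markdown) {
  const out = [];
  let open = null; // { char, len } of the currently open fence, or null
  let neutralized = 0;

  for (const line of markdown.split("\n")) {
    const m = FENCE_RE.exec(line);
    if (open !== null) {
      // Inside a block only a matching bare fence closes it; anything else,
      // including shorter or differently-charactered fences, is content.
      if (m && m[1][0] === open.char && m[1].length >= open.len && m[2].trim() === "") {
        open = null;
      }
      out.push(line);
      continue;
    }
    // Not a fence, or a backtick fence whose info string contains a backtick
    // (which CommonMark does not treat as a fence): pass through unchanged.
    if (!m || (m[1][0] === "`" && m[2].includes("`"))) {
      out.push(line);
      continue;
    }
    const fence = m[1];
    const lang = m[2].trim().split(/\s+/)[0].toLowerCase();
    open = { char: fence[0], len: fence.length };
    if (lang === "echarts") {
      neutralized++;
      // Keep indentation and fence length; replace the entire info string.
      out.push(line.slice(0, line.indexOf(fence) + fence.length) + " text");
    } else {
      out.push(line);
    }
  }
  return { markdown: out.join("\n"), neutralized };
}

// Constructed sample message (not a real payload): an ECharts block, a tilde
// fence with mixed-case tag whose body contains a backtick run, and a JS block
// that must pass through untouched. Fences are built with repeat() on purpose.
const TICKS = "`".repeat(3);
const SAMPLE = [
  "Hello,", "", TICKS + "echarts", "{ option: 1 }", TICKS, "",
  "~~~~ECharts extra", "`".repeat(4), "still content", "~~~~", "",
  TICKS + "js", "console.log(1)", TICKS, "",
].join("\n");

function filterSample() {
  return neutralizeEchartsBlocks(SAMPLE);
}
```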


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-12-04T16:05:22.975Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69332135f88dbe026c014953

Added to database: 12/5/2025, 6:15:17 PM

Last enriched: 12/12/2025, 7:15:48 PM

Last updated: 2/7/2026, 8:43:12 PM

