CVE-2025-66562 is a critical vulnerability in the AI-QL tuui desktop MCP client, versions prior to 1.3.4. The root cause is an improper neutralization of input (CWE-79) during web page generation in the Markdown rendering component, which allows arbitrary JavaScript execution within ECharts code blocks embedded in Markdown content. This XSS flaw is particularly dangerous because the application exposes an IPC interface that can spawn system processes. An attacker can craft a malicious Markdown message containing JavaScript that executes within the tuui client’s context. When a user views this message, the JavaScript runs and leverages the IPC interface to execute arbitrary system commands, effectively achieving remote code execution (RCE) on the victim’s machine without requiring prior authentication. The vulnerability requires user interaction (viewing the malicious message) and has a high attack complexity due to the need to exploit the IPC interface correctly. The CVSS 4.0 base score is 8.9, reflecting high confidentiality, integrity, and availability impacts, with network attack vector and no privileges required. Although no known exploits are currently observed in the wild, the vulnerability poses a significant risk due to the potential for full system compromise. The issue is resolved in version 1.3.4 of tuui, which properly sanitizes input and restricts unsafe JavaScript execution within Markdown rendering. Organizations using affected versions should prioritize patching to prevent exploitation.

For European organizations, this vulnerability presents a severe risk of remote code execution leading to full system compromise. Since tuui is a desktop client used for unitary utility integration, attackers could leverage this flaw to execute arbitrary commands, potentially leading to data theft, lateral movement within networks, disruption of services, or deployment of ransomware. The requirement for user interaction (viewing a malicious Markdown message) means phishing or social engineering could be used as an attack vector. The high confidentiality, integrity, and availability impacts could affect sensitive data and critical infrastructure. Organizations in sectors such as finance, manufacturing, and government that rely on AI-QL’s tuui client for integration tasks are particularly vulnerable. The exposed IPC interface increases the attack surface, making containment and detection more challenging. Without timely patching, the vulnerability could be exploited to compromise endpoints, leading to broader network breaches and operational disruptions.

1. Immediately upgrade all instances of AI-QL tuui to version 1.3.4 or later, which contains the fix for this vulnerability. 2. Restrict access to the IPC interface by implementing strict access controls and network segmentation to limit exposure only to trusted processes and users. 3. Implement content filtering and scanning on incoming Markdown messages to detect and block potentially malicious scripts or ECharts code blocks. 4. Educate users on the risks of opening untrusted Markdown messages and encourage verification of message sources. 5. Employ endpoint detection and response (EDR) solutions to monitor for suspicious process spawning and anomalous IPC activity. 6. Regularly audit and update security policies related to client software usage and integration tools. 7. Consider disabling or sandboxing the Markdown rendering component if immediate patching is not feasible, to reduce attack surface. 8. Maintain up-to-date backups and incident response plans to mitigate potential damage from exploitation.