CVE-2025-55733
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-09-17
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thinkinai | deepchat | 0.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in DeepChat before version 0.3.1 allows an attacker to execute remote code on a victim's machine by embedding a specially crafted deepchat: URL on a website. When the victim visits the site or clicks the link, the browser triggers DeepChat's custom URL handler, causing the application to launch and process the URL, which leads to remote code execution.
How can this vulnerability impact me? :
An attacker can gain control over your machine remotely by exploiting this vulnerability, potentially leading to unauthorized access, data theft, system compromise, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
Update the DeepChat application to version 0.3.1 or later, as this version contains the fix for the remote code execution vulnerability. Additionally, avoid clicking on or visiting websites with untrusted or suspicious deepchat: URLs to prevent triggering the vulnerability.