CVE-2025-26210
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-09-26

Assigner: MITRE

Description
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-09-26
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-26210
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
deepseek deepseek-r1 1.0
deepseek deepseek-v2 *
deepseek deepseek-v3 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-26210 is a Cross-Site Scripting (XSS) vulnerability in the DeepSeek AI platform versions R1 through V3.1. It occurs because the platform insecurely handles user input in AI-generated JavaScript code, specifically by using JavaScript's eval() function without proper sanitization. This allows a remote attacker to inject and execute arbitrary JavaScript code via input fields in the web application, leading to unauthorized script execution within the victim's browser. [1]

Impact Analysis

This vulnerability can have severe impacts including arbitrary code execution in the victim's browser, theft of sensitive data such as cookies and URLs, and exfiltration of detailed user environment information (e.g., user agent, OS, screen size, CPU cores, RAM, battery status). Attackers can use this to hijack user sessions, steal personal information, and perform further attacks by sending stolen data to attacker-controlled servers. [1]

Detection Guidance

This vulnerability can be detected by testing input fields in the DeepSeek AI platform (versions R1 through V3.1) for improper sanitization that allows JavaScript injection. A common detection method is to submit payloads such as `alert('Hacked!')` into form inputs and observe if the script executes. Network monitoring can also reveal suspicious outbound requests (e.g., JavaScript fetch calls) sending data to attacker-controlled servers. There are no specific commands provided, but manual testing with JavaScript injection payloads and monitoring HTTP POST requests to unknown endpoints can help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include disabling or restricting the use of AI-generated JavaScript code that uses `eval()` or similar functions on user input, implementing strict input validation and sanitization to prevent injection of malicious scripts, and monitoring network traffic for suspicious data exfiltration attempts. Additionally, applying any available patches or updates from DeepSeek (if released) and restricting access to vulnerable versions (R1 through V3.1) until a fix is available are recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-26210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart