CVE-2025-58176
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-09-11

Assigner: GitHub, Inc.

Description
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, `transport` in the JSON object. An attacker can exploit the vulnerability in the following two scenarios: a victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or a victim clicks on such a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes Dive's custom URL handler (dive:), which launches the Dive app and processes the crafted URL, leading to arbitrary code execution on the victim’s machine. This vulnerability is caused by improper processing of custom url. This is fixed in version 0.9.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-09-11
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58176
EUVD
EUVD-2025-26488
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openagentplatform dive From 0.9.0 (inc) to 0.9.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58176 is a remote code execution vulnerability in the Dive application versions 0.9.0 through 0.9.3. It occurs because Dive improperly processes a custom URL scheme ("dive:") that can include a JSON configuration for installing MCP servers. If the configuration specifies the "transport" as "stdio", Dive executes the specified command and arguments directly on the victim's machine without proper validation. An attacker can exploit this by tricking a user into clicking a malicious "dive:" URL or being redirected to it, causing arbitrary code execution on the victim's system. [2]

Impact Analysis

This vulnerability can lead to an attacker executing arbitrary code on your machine remotely. This means the attacker could run any command or program with your user privileges, potentially leading to data theft, system compromise, installation of malware, or disruption of system availability. The attack requires user interaction, such as clicking a malicious link or being redirected to a crafted URL, but once triggered, it can have severe consequences including full control over your system. [2]

Detection Guidance

This vulnerability can be detected by monitoring for the invocation of the Dive application via its custom URL scheme 'dive:' with suspicious or unexpected 'mcp.install' deeplink URLs containing base64-encoded JSON configurations. On the system, you can check for recent executions of Dive triggered by such URLs or look for unusual command executions that match the 'stdio' transport method commands. Network detection could involve inspecting HTTP traffic for URLs starting with 'dive://mcp.install/' containing base64-encoded 'config' parameters. Specific commands to detect this might include searching browser history or logs for 'dive:' URLs, or monitoring process execution logs for Dive launching commands with arguments matching MCP server installs. However, no explicit commands are provided in the resources. [2]

Mitigation Strategies

Immediate mitigation steps include upgrading the Dive application to version 0.9.4 or later, where the vulnerability is fixed by introducing a confirmation popup that requires explicit user approval before executing MCP server installations with the 'stdio' transport. This update prevents automatic execution of arbitrary commands via crafted URLs. Additionally, users should avoid clicking on untrusted 'dive:' links and administrators can consider restricting or monitoring the handling of custom URL schemes in browsers and the operating system. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart