CVE-2025-58176
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openagentplatform | dive | From 0.9.0 (inc) to 0.9.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58176 is a remote code execution vulnerability in the Dive application versions 0.9.0 through 0.9.3. It occurs because Dive improperly processes a custom URL scheme ("dive:") that can include a JSON configuration for installing MCP servers. If the configuration specifies the "transport" as "stdio", Dive executes the specified command and arguments directly on the victim's machine without proper validation. An attacker can exploit this by tricking a user into clicking a malicious "dive:" URL or being redirected to it, causing arbitrary code execution on the victim's system. [2]
How can this vulnerability impact me? :
This vulnerability can lead to an attacker executing arbitrary code on your machine remotely. This means the attacker could run any command or program with your user privileges, potentially leading to data theft, system compromise, installation of malware, or disruption of system availability. The attack requires user interaction, such as clicking a malicious link or being redirected to a crafted URL, but once triggered, it can have severe consequences including full control over your system. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for the invocation of the Dive application via its custom URL scheme 'dive:' with suspicious or unexpected 'mcp.install' deeplink URLs containing base64-encoded JSON configurations. On the system, you can check for recent executions of Dive triggered by such URLs or look for unusual command executions that match the 'stdio' transport method commands. Network detection could involve inspecting HTTP traffic for URLs starting with 'dive://mcp.install/' containing base64-encoded 'config' parameters. Specific commands to detect this might include searching browser history or logs for 'dive:' URLs, or monitoring process execution logs for Dive launching commands with arguments matching MCP server installs. However, no explicit commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Dive application to version 0.9.4 or later, where the vulnerability is fixed by introducing a confirmation popup that requires explicit user approval before executing MCP server installations with the 'stdio' transport. This update prevents automatic execution of arbitrary commands via crafted URLs. Additionally, users should avoid clicking on untrusted 'dive:' links and administrators can consider restricting or monitoring the handling of custom URL schemes in browsers and the operating system. [1, 2]