CVE-2025-59053
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-09-15

Assigner: GitHub, Inc.

Description
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the `packages/stage-ui/src/components/MarkdownRenderer.vue` path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An attacker creates a card file containing malicious HTML/JavaScript, then simply processes it using the highlightTagToHtml function (which simply replaces template tags without HTML escaping), and then directly renders it using v-html, leading to cross-site scripting (XSS). The project also exposes the Tauri API, which can be called from the frontend. The MCP plugin exposes a command execution interface function in `crates/tauri-plugin-mcp/src/lib.rs`. This allows arbitrary command execution. `connect_server` directly passes the user-supplied `command` and `args` parameters to `Command::new(command).args(args)` without any input validation or whitelisting. Thus, the previous XSS exploit could achieve command execution through this interface. v0.7.2-beta.3 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-09-15
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-59053
EUVD
EUVD-2025-28983
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
dompurify dompurify ^3.2.6
moeru-ai airi 0.7.2-beta.3
moeru-ai airi 0.7.2-beta.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in AIRI v0.7.2-beta.2 involves improper handling of Markdown content where malicious HTML/JavaScript can be injected and rendered directly into the DOM without escaping, leading to cross-site scripting (XSS). Additionally, the exposed Tauri API allows arbitrary command execution because user-supplied commands and arguments are passed directly to the system without validation. An attacker can exploit the XSS to execute arbitrary system commands. The issue is fixed in v0.7.2-beta.3.

Impact Analysis

This vulnerability can lead to severe impacts including unauthorized execution of arbitrary commands on the host system, full compromise of the application, data theft, data manipulation, and potential system takeover. The cross-site scripting can be used to execute malicious scripts in users' browsers, and the command execution interface can be exploited to run any system command, leading to high confidentiality, integrity, and availability risks.

Mitigation Strategies

Upgrade AIRI to version v0.7.2-beta.3 or later, as this version fixes the vulnerability by addressing the unsafe rendering of Markdown content and the command execution interface. Avoid processing untrusted Markdown content with the vulnerable versions and restrict access to the Tauri API to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59053. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart