PT-2025-21176 · 5Ire+1

Published 2025-05-14 · Updated 2025-05-19 · CVE-2025-47777

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: 5ire versions prior to 0.11.1
Description: Chatbot responses are insufficiently sanitized, which allows stored cross-site scripting. Because of unsafe Electron protocol handling and exposed Electron APIs, this can lead to Remote Code Execution (RCE). Users of 5ire client versions prior to the patched release are affected, particularly those interacting with untrusted chatbots or pasting external content.
Recommendations: For versions prior to 0.11.1, update to version 0.11.1 or later, which contains a patch for the issue. As a temporary workaround, consider avoiding interactions with untrusted chatbots and refraining from pasting external content until the update is applied. Restrict access to exposed Electron APIs to minimize the risk of exploitation.

Exploit · Fix · RCE · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-47777
GHSA-MR8W-MMVV-6HQ8

Affected Products

5Ire
Electron