PT-2025-36955 · Deepchat · Deepchat
H3Rrr · Published 2025-09-09 · Updated 2025-09-10 · CVE-2025-58768
CVSS v3.1: 9.6 Critical (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: DeepChat versions prior to 0.3.5
Description: DeepChat, an AI-powered smart assistant, contains a flaw in its Mermaid chart rendering component: user-controlled content is written to the page directly through innerHTML, so malicious markup in that content is executed. The root cause is an incompletely fixed cross-site scripting (XSS) issue, which gives an exploit chain from arbitrary JavaScript execution via XSS to arbitrary command execution via exposed Inter-Process Communication (IPC).
Recommendations: Update to version 0.3.5 or later.
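The chain described above ends in arbitrary commands through exposed IPC. As an added example (not DeepChat's code), this is the preload-side mitigation for that second link: a frozen bridge that forwards only allowlisted channels with validated arguments, so even script that has reached the renderer cannot call arbitrary main-process handlers. The channel names, argument shapes and the ipcRenderer stand-in are assumptions.

```javascript
// Added example, not DeepChat's code: an Electron preload-style IPC bridge that
// forwards only allowlisted channels with validated arguments, so script running
// in the renderer cannot reach arbitrary main-process handlers. Channel names
// and argument shapes are hypothetical.
// Per-channel argument validators: the complete set of calls the renderer may make.
const IPC_ALLOWLIST = {
  'chat:send': (args) => args.length === 1 && typeof args[0] === 'string' && args[0].length <= 65536,
  'chat:history': (args) => args.length === 0,
};

// Synchronous gate; own-property lookup so "__proto__" or "toString" never resolve to an inherited value.
function checkIpcCall(channel, args, allowlist = IPC_ALLOWLIST) {
  if (!Object.prototype.hasOwnProperty.call(allowlist, channel)) {
    return { ok: false, reason: `IPC channel not allowed: ${channel}` };
  }
  if (!allowlist[channel](args)) {
    return { ok: false, reason: `Rejected arguments for ${channel}` };
  }
  return { ok: true, reason: '' };
}

// Frozen object a preload script would hand to contextBridge.exposeInMainWorld instead
// of exposing ipcRenderer itself; ipcRenderer is injected so this runs without Electron.
function createIpcBridge(ipcRenderer, allowlist = IPC_ALLOWLIST) {
  return Object.freeze({
    invoke(channel, ...args) {
      const verdict = checkIpcCall(channel, args, allowlist);
      if (!verdict.ok) return Promise.reject(new Error(verdict.reason));
      return ipcRenderer.invoke(channel, ...args);
    },
  });
}

// Constructed stand-in for Electron's ipcRenderer that records what reaches main.
function fakeIpcRenderer() {
  const calls = [];
  return { calls, invoke: (channel, ...args) => { calls.push({ channel, args }); return Promise.resolve('ok'); } };
}

// Three renderer-side calls through the bridge: which were forwarded, which were refused.
async function demo() {
  const ipc = fakeIpcRenderer();
  const bridge = createIpcBridge(ipc);
  const attempts = [['chat:send', ['hello']], ['system:exec', ['echo hi']], ['chat:send', [{ text: 'x' }]]];
  const results = [];
  for (const [channel, args] of attempts) {
    results.push(await bridge.invoke(channel, ...args).then(() => 'forwarded', (e) => e.message));
  }
  return { results, reached: ipc.calls.map((c) => c.channel) };
}
```

This contains only the second link of the chain; the first link, the innerHTML sink, still requires the rendered Mermaid SVG to be sanitized before insertion.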

Fix · XSS · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-58768, GHSA-F7Q5-VC93-WP6J

Affected Products: Deepchat