CVE-2025-67744

Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 0.5.3

Description DeepChat is an open-source artificial intelligence agent platform. A security issue exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. This Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), enabling an attacker to execute arbitrary system commands. The issue is caused by the exposure of the Electron IPC renderer to the DOM, combined with unsafe Mermaid configuration and an exposed IPC interface.

Recommendations Update DeepChat to version 0.5.3 or later.