CVE-2025-68669

Name of the Vulnerable Software and Affected Versions 5ire versions 0.15.2 and prior

Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A remote code execution issue exists in the useMarkdown.ts file due to the markdown-it-mermaid plugin being initialized with securityLevel: 'loose'. This configuration allows the rendering of HTML tags within Mermaid diagram nodes, potentially enabling arbitrary HTML and JavaScript execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.