CVE-2025-66481
DeepChat · Multiple Products
Executive summary
A critical vulnerability has been identified in the DeepChat AI chat platform, rated with a CVSS score of 9.6. This flaw allows a remote attacker to bypass existing security filters and execute arbitrary code on a user's computer by sending a specially crafted message. Successful exploitation could lead to a complete system compromise, enabling data theft, malware installation, and further network intrusion.
Vulnerability
The vulnerability is a Cross-Site Scripting (XSS) flaw originating from the improper sanitization of Mermaid diagram content within the MermaidArtifact.vue component. A previous security patch is insufficient and can be bypassed. An attacker can craft a malicious payload using unquoted HTML attributes combined with HTML entity encoding to evade the regex filter designed to strip dangerous code. When a victim views the malicious Mermaid content, the XSS payload executes and can leverage the electron.ipcRenderer interface, which allows the web-based chat client to interact with the underlying operating system, resulting in Remote Code Execution (RCE) on the victim's machine.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.6. Successful exploitation allows an unauthenticated, remote attacker to gain full control over an affected user's computer. The potential business impact includes the theft of sensitive data such as intellectual property, user credentials, and private chat logs; the installation of ransomware or spyware; lateral movement into the broader corporate network from a compromised endpoint; and significant reputational damage. The ability to achieve RCE from a chat message poses a direct and severe threat to organizational security.
Remediation
Immediate Action: The vendor advisory indicates there is no fix at the time of publication, despite a general recommendation to update. Organizations should prepare to apply a patch for DeepChat products to a version higher than 0.5.1 immediately upon its release. In the interim, and after patching, it is crucial to monitor for exploitation attempts and review access logs for any indicators of compromise.
Proactive Monitoring:
- Log Analysis: Scrutinize application logs for rendered Mermaid content containing suspicious patterns, such as unquoted HTML attributes, HTML entities (e.g., &#x...;), and strings related to electron.ipcRenderer.
- Network Traffic: Monitor for anomalous outbound connections from endpoints running the DeepChat client, which could indicate a successful RCE payload communicating with a command-and-control (C2) server.
- Endpoint Detection: Utilize EDR/XDR solutions to detect suspicious child processes being spawned by the DeepChat application process, which is a strong indicator of RCE.
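The log-analysis check above, as an added example (not DeepChat's code and not from the vendor advisory): a Node.js helper that flags logged Mermaid source containing the three listed patterns, decoding numeric HTML entities first so that an encoded ipcRenderer reference still matches. The function names, regexes and sample messages are assumptions constructed for illustration, and named entities are not decoded.

```javascript
// Added example for triaging logged Mermaid source; not DeepChat code.
// All names, regexes and sample messages below are constructed assumptions.

// Decode numeric HTML entities (&#x52; or &#82;) in one pass.
// Named entities (&amp; etc.) are left as-is in this sketch.
function decodeNumericEntities(text) {
  return text.replace(/&#(?:x([0-9a-f]{1,6})|([0-9]{1,7}));?/gi, (match, hex, dec) => {
    const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// The three patterns the advisory lists. Each test sees raw and decoded text.
const INDICATORS = [
  // An attribute inside a tag whose value does not start with a quote.
  { name: 'unquoted-attribute',
    test: (raw) => /<[a-z][^>]*\s[a-z-]+\s*=\s*[^\s"'>]/i.test(raw) },
  // Any numeric character reference, hex or decimal.
  { name: 'html-entity',
    test: (raw) => /&#(?:x[0-9a-f]+|[0-9]+);?/i.test(raw) },
  // Checked after decoding, so an entity-encoded spelling still matches.
  { name: 'ipcRenderer-reference',
    test: (_raw, decoded) => /ipcRenderer/i.test(decoded) },
];

// Return the names of all indicators present in one Mermaid source string.
function scanMermaidSource(source) {
  const decoded = decodeNumericEntities(source);
  return INDICATORS.filter((i) => i.test(source, decoded)).map((i) => i.name);
}

// Constructed, harmless sample log entries (not real payloads).
const SAMPLES = [
  { id: 'msg-1', mermaid: 'graph TD; A[Start] --> B[Done &amp; dusted]' },
  { id: 'msg-2', mermaid: 'graph TD; A["<span title=&#x68;&#x69;>label</span>"] --> B' },
  { id: 'msg-3', mermaid: 'graph TD; A[uses electron.ipc&#x52;enderer] --> B' },
];

// Keep only the entries that need analyst review.
function triage(entries) {
  return entries
    .map((e) => ({ id: e.id, hits: scanMermaidSource(e.mermaid) }))
    .filter((r) => r.hits.length > 0);
}

console.log(triage(SAMPLES));
```

A hit is a prompt for review, not a verdict: ordinary diagrams can contain numeric entities, so tune the indicators against your own log baseline.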
Compensating Controls:
- If possible within the application's configuration, disable the rendering of Mermaid diagrams until a patch can be applied.
- Restrict the ability of untrusted or external users to submit content that could be interpreted as a Mermaid diagram.
- Implement strict network egress filtering on user workstations to block unexpected outbound connections, potentially preventing a compromised client from connecting to an attacker's C2 server.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability represents a critical risk to the organization and requires immediate attention. Due to the lack of an available patch, organizations must prioritize the implementation of compensating controls, such as disabling Mermaid rendering where possible and enhancing monitoring for the specific indicators of compromise outlined above. A plan should be in place to test and deploy the vendor's security patch as soon as it is released. Although not currently listed on the CISA KEV list, its high severity and potential for RCE make it a likely candidate for future inclusion, and it should be treated with the highest priority.