CVE-2025-67744
DeepChat · Multiple Products
Executive summary
A critical vulnerability has been identified in the DeepChat AI agent platform, which could allow an attacker to take complete control of an affected system. The flaw originates in the diagram rendering component and can be triggered by a specially crafted diagram, leading to arbitrary code execution. Successful exploitation would allow an attacker to steal data, install malware, or use the compromised machine to attack other systems on the network.
Vulnerability
This vulnerability is a result of two combined issues. First, the Mermaid diagram rendering component is improperly configured, allowing for the execution of arbitrary JavaScript when a malicious diagram is processed (Cross-Site Scripting). Second, the application, built on the Electron framework, insecurely exposes its Inter-Process Communication (IPC) renderer interface to the web content. An attacker can exploit this by crafting a malicious diagram that, when rendered by a victim, executes JavaScript code to access the exposed IPC interface and send commands to the main application process, which has system-level privileges. This escalates the initial XSS vulnerability to full Remote Code Execution (RCE), allowing the attacker to run any command on the underlying operating system.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.6, indicating a high potential for significant damage. A successful exploit results in a complete compromise of the system running the DeepChat application. Potential consequences include the exfiltration of sensitive data such as proprietary AI models, user credentials, and confidential documents; the deployment of ransomware or spyware; and using the compromised system as a staging point for further attacks against the internal network. This poses a severe risk to data confidentiality, integrity, and availability, and could lead to major financial and reputational damage.
Remediation
Immediate Action: Update all instances of DeepChat to version 0.5.3 or later, which contains the patch for the vulnerability. After updating, thoroughly review application and system logs for any signs of suspicious activity, such as unexpected commands or network connections, which may indicate a prior compromise.
Proactive Monitoring: Implement enhanced monitoring on systems running DeepChat. Look for suspicious child processes being spawned by the DeepChat application (e.g., cmd.exe, powershell.exe, /bin/sh), unusual outbound network connections to unknown IP addresses, and any logs related to errors in the Mermaid rendering engine.
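The child-process check described above can be run over exported process-creation events. The following is an added example, not code from DeepChat or from this advisory; the event field names, the DeepChat binary names, the install paths and the sample records are all constructed assumptions to be mapped onto your own EDR or Sysmon export.

```python
import json
import ntpath

# Assumption: basenames the DeepChat binary runs under; adjust to your install.
DEEPCHAT_NAMES = {"deepchat", "deepchat.exe"}
# Interpreters named in this advisory (cmd.exe, powershell.exe, /bin/sh),
# plus bash and pwsh.exe, which are added here as common equivalents.
SHELL_NAMES = {"cmd.exe", "powershell.exe", "sh", "bash", "pwsh.exe"}

# Constructed sample events, one JSON object per line (hypothetical schema).
SAMPLE_EVENTS = r"""
{"ts":"2025-01-01T10:00:00Z","host":"ws-01","parent_image":"C:\\Program Files\\DeepChat\\DeepChat.exe","image":"C:\\Program Files\\DeepChat\\DeepChat.exe","command_line":"DeepChat.exe --type=renderer"}
{"ts":"2025-01-01T10:01:00Z","host":"ws-01","parent_image":"C:\\Program Files\\DeepChat\\DeepChat.exe","image":"C:\\Windows\\System32\\cmd.exe","command_line":"cmd.exe /c echo test"}
{"ts":"2025-01-01T10:02:00Z","host":"ws-01","parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","command_line":"powershell.exe"}
{"ts":"2025-01-01T10:03:00Z","host":"lx-02","parent_image":"/opt/DeepChat/deepchat","image":"/bin/sh","command_line":"/bin/sh -c id"}
{"ts":"2025-01-01T10:04:00Z","host":"ws-03","parent_image":
{"ts":"2025-01-01T10:05:00Z","host":"ws-03","parent_image":"c:\\program files\\deepchat\\DEEPCHAT.EXE","image":"C:\\WINDOWS\\SYSTEM32\\WINDOWSPOWERSHELL\\V1.0\\POWERSHELL.EXE","command_line":"powershell.exe -NoProfile"}
"""

def basename(path):
    # ntpath splits on both "\\" and "/", so one call covers Windows and POSIX paths.
    return ntpath.basename(str(path or "")).lower()

def find_suspicious_children(lines):
    """Return one alert per event where DeepChat is the parent of a shell."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed records instead of aborting
        if not isinstance(event, dict):
            continue
        parent = basename(event.get("parent_image"))
        child = basename(event.get("image"))
        # DeepChat's own helper processes share its image name and are not flagged.
        if parent in DEEPCHAT_NAMES and child in SHELL_NAMES:
            alerts.append({"ts": event.get("ts"), "host": event.get("host"),
                           "child": child,
                           "command_line": event.get("command_line")})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_children(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

Matching on the direct parent keeps the rule simple; a shell started by an intermediate non-DeepChat process would need process-tree tracking by PID, which this example does not do.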
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
- Run the DeepChat application in a sandboxed or containerized environment to limit the impact of a potential system compromise.
- Use a host-based firewall to restrict the application's ability to make outbound network connections, preventing communication with attacker-controlled servers.
- Implement application whitelisting to prevent the DeepChat process from executing unauthorized commands or scripts.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS score of 9.6 and the direct path to Remote Code Execution, this vulnerability represents a significant and immediate threat to the organization. Although it is not currently listed in the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. We strongly recommend that all system administrators prioritize the immediate deployment of the patch (version 0.5.3) to all affected DeepChat instances to prevent a full system compromise.