CNNVD-202510-546 Information

CNNVD ID

CNNVD-202510-546

Related CVE

CVE-2025-11273

• CNNVD Published: 2025-10-04

Description (Chinese)

AI Verger是Le Chatterie开源的一个AI聊天工具。 AI Verger 1.2.10及之前版本存在代码问题漏洞，该漏洞源于对文件/src/main/services/mcp/oauth/provider.ts中参数URL的错误操作，可能导致反序列化攻击。

Description (English)

AI Verger is an AI chat tool for Le Chatterie open source. AI Verger 1.2.10 and previous versions had a code problem loophole, which stemmed from an error in the URL of the parameter in document/src/main/services/mcp/oauth/provider.ts, which could lead to a back-serialization attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Le Chatterie

Published

2025-10-04

Last Modified

2026-02-24

References

https://lavender-bicycle-a5a.notion.site/Verger-RCE-26153a41781f80b694beebc22ea54579?source=copy_link https://vuldb.com/?ctiid.327007 https://vuldb.com/?id.327007 https://vuldb.com/?submit.655871