CNNVD-202512-4017 Information

CNNVD ID

CNNVD-202512-4017

Related CVE

CVE-2025-68669

• CNNVD Published: 2025-12-23

Description (Chinese)

5ire是Ironben个人开发者的一个跨平台的桌面AI助手。 5ire 0.15.2及之前版本存在跨站脚本漏洞，该漏洞源于markdown-it-mermaid插件安全配置不当，可能导致远程代码执行。

Description (English)

5re is a cross-platform desktop AI assistant to the Ironben personal developer. 5ire 0.15.2 and previous versions had a cross-site script loophole, which stemmed from the inappropriate security configuration of the markdown-it-mermaid plugin, which could lead to remote code implementation.

Hazard Level

Low

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-12-23

Last Modified

2026-02-24

References

https://github.com/nanbingxyz/5ire/blob/c40d05a2b546094789fc727daa5383bb15034442/src/hooks/useMarkdown.ts#L156 https://github.com/nanbingxyz/5ire/releases/tag/v0.15.2 https://github.com/nanbingxyz/5ire/security/advisories/GHSA-5hpf-p8fw-j349 https://access.redhat.com/security/cve/cve-2025-68669