CNNVD-202512-625 Information

CNNVD ID

CNNVD-202512-625

CVE-2025-66562

  • CNNVD Published: 2025-12-05

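Description (translated from Chinese)

TUUI is an open-source MCP client from AIQL. Versions of TUUI before 1.3.4 contain a code injection vulnerability that stems from an unsafe cross-site scripting flaw in the Markdown rendering component and may lead to remote code execution.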

Description (English)

TUUI is an open-source MCP client developed by AIQL. TUUI versions prior to 1.3.4 are affected by a code injection vulnerability. It originates from an unsafe cross-site scripting (XSS) flaw in the Markdown rendering component, which could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

AIQL

Published

2025-12-05

Last Modified

2026-02-24

References

  • https://github.com/AI-QL/tuui/commit/f673fa5b4d76e8236c7d9506d0727875cfa79cc1
  • https://github.com/AI-QL/tuui/releases/tag/v1.3.4
  • https://github.com/AI-QL/tuui/security/advisories/GHSA-qjhq-rgmr-6c3g
  • https://access.redhat.com/security/cve/cve-2025-66562

Patch

https://github.com/AI-QL/tuui/releases
