What is CVE-2025-58768?

CVE-2025-58768 is a critical-severity vulnerability in Thinkinaixyz Deepchat, classified under Code Injection. CVSS score: 9.7/10. Published 2025-09-09.

How severe is CVE-2025-58768?

Critical severity. CVSS v3 base score is 9.7 out of 10.

RCE in Thinkinaixyz Deepchat

CVE-2025-58768

DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to set user content. Therefore, any malicious content re…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.002 (41.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Thinkinaixyz Deepchat — versions < 0.3.5

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-f7q5-vc93-wp6j (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-58768?: CVE-2025-58768 is a critical-severity vulnerability in Thinkinaixyz Deepchat, classified under Code Injection. CVSS score: 9.7/10. Published 2025-09-09.
How severe is CVE-2025-58768?: Critical severity. CVSS v3 base score is 9.7 out of 10.