XSS in Lobehub Lobe-chat

CVE-2025-59417

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on t…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (44.7th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-59417?
CVE-2025-59417 is a vulnerability in Lobehub Lobe-chat, classified under Cross-site Scripting. Published 2025-09-18.
Is CVE-2025-59417 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.