What is CVE-2025-66222?

CVE-2025-66222 is a critical-severity vulnerability in Thinkinaixyz Deepchat, classified under Code Injection. CVSS score: 9.7/10. Published 2025-12-03.

How severe is CVE-2025-66222?

Critical severity. CVSS v3 base score is 9.7 out of 10.

RCE in Thinkinaixyz Deepchat

CVE-2025-66222

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the appl…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (49.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Thinkinaixyz Deepchat — versions < 0.5.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-v8v5-c872-mf8r (x_refsource_CONFIRM)
https://github.com/ThinkInAIXYZ/deepchat/commit/371ca7b42e3685aee6e3f0c61e85277ed1ff4db7 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-66222?: CVE-2025-66222 is a critical-severity vulnerability in Thinkinaixyz Deepchat, classified under Code Injection. CVSS score: 9.7/10. Published 2025-12-03.
How severe is CVE-2025-66222?: Critical severity. CVSS v3 base score is 9.7 out of 10.