RCE in Thinkinaixyz Deepchat
CVE-2025-66481
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insu…
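The advisory text above only says that Mermaid content was improperly sanitized in MermaidArtifact.vue. The block below is an added example, not DeepChat's code and not the project's fix: it shows the kind of pre-render gate a chat client can put in front of `mermaid.render()` for diagrams that arrive from an untrusted model or user, plus a red-flag check that can be asserted on the rendered SVG after sanitization. The function names (`gateMermaidSource`, `svgRedFlags`) and all sample diagrams and SVG strings are constructed for this illustration. The gate is defence in depth only; the rendering layer still needs Mermaid's `securityLevel: 'strict'` and an output sanitizer such as DOMPurify, which this example does not replace.

```javascript
// Added example (not DeepChat's MermaidArtifact.vue): a strict input gate for
// untrusted Mermaid source, to run before mermaid.render(). Everything here
// (names, samples) is constructed for illustration.

// %%{init: {...}}%% directives can flip securityLevel to 'loose' or turn on
// htmlLabels for a single diagram, undoing global renderer hardening.
const DIRECTIVE_RE = /%%\{[\s\S]*?\}%%/;
// "click A callback ..." / "click A href ..." wire JS or URLs to nodes.
const CLICK_RE = /^\s*click\s+/im;
// Any HTML/SVG tag inside a label (e.g. <img onerror=...>). Deliberately
// also rejects the benign <br/> that Mermaid allows; allow-list it if needed.
const HTML_TAG_RE = /<\s*\/?\s*[a-zA-Z][^>]*>/;
const JS_URL_RE = /javascript\s*:/i;
const MAX_SOURCE_LEN = 20000;

// Returns { ok, reason }; reason is null when the source is accepted.
function gateMermaidSource(src) {
  if (typeof src !== 'string' || src.length === 0) {
    return { ok: false, reason: 'empty' };
  }
  if (src.length > MAX_SOURCE_LEN) return { ok: false, reason: 'too-large' };
  if (DIRECTIVE_RE.test(src)) return { ok: false, reason: 'directive' };
  if (CLICK_RE.test(src)) return { ok: false, reason: 'click-interaction' };
  if (HTML_TAG_RE.test(src)) return { ok: false, reason: 'html-markup' };
  if (JS_URL_RE.test(src)) return { ok: false, reason: 'javascript-url' };
  return { ok: true, reason: null };
}

// Post-render check: patterns that must never survive sanitization of the
// SVG string. This is an assertion to run after DOMPurify, not a sanitizer.
const SVG_RED_FLAGS = [
  ['script-element', /<script/i],
  ['event-handler', /\son[a-z]+\s*=/i],
  ['javascript-url', /javascript\s*:/i],
  ['foreign-object', /<foreignObject/i],
  ['iframe', /<iframe/i],
];

// Returns the names of all red flags found in the rendered SVG (empty if clean).
function svgRedFlags(svg) {
  return SVG_RED_FLAGS.filter(([, re]) => re.test(svg)).map(([name]) => name);
}

// Constructed samples: one benign diagram and three that smuggle behaviour.
const SAMPLES = {
  benign: 'graph TD\n  A[Login] --> B{MFA?}\n  B -- yes --> C[Session]\n  B -- no --> D[Deny]',
  directive: "%%{init: {'securityLevel': 'loose'}}%%\ngraph TD\n  A --> B",
  click: 'graph TD\n  A --> B\n  click A callback "open"',
  htmlLabel: 'graph TD\n  A["<img src=x onerror=alert(1)>"] --> B',
};

// Constructed SVG strings standing in for renderer output.
const CLEAN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg"><g class="node"><text>Login</text></g></svg>';
const BAD_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg"><image href="x" onerror="alert(1)"/></svg>';

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, gateMermaidSource(src));
}
console.log('clean svg flags:', svgRedFlags(CLEAN_SVG));
console.log('bad svg flags:', svgRedFlags(BAD_SVG));
```

In a desktop chat client the renderer process is the trust boundary, so a rejected diagram should fall back to showing the Mermaid source as plain text rather than attempting a "best effort" render; the gate's `reason` is useful to surface to the user so legitimate diagrams that trip it (for instance ones using `<br/>`) can be diagnosed.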
EPSS: 0.003 (48.6th percentile), i.e. an estimated 0.3% probability of exploitation in the wild over the next 30 days.
CVSS v3 metric
CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. Note that the CVSS 3.1 base-score equations give 9.6 for this exact vector string (exploitability 2.84, changed-scope impact 6.05), so the 9.7 figure reproduced here is the score as published rather than a recomputation. The vector itself is the operative detail: network-reachable, no privileges, a single user interaction (viewing a chat containing the diagram), and a scope change with full confidentiality, integrity and availability impact, which is the profile of an XSS that escapes the web view of a desktop application.
Affected products
- Thinkinaixyz Deepchat — versions <= 0.5.1
Weakness classification (CWE)
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
References
- https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-h9f5-7hhf-fqm4 (GitHub Security Advisory, vendor-confirmed)
Frequently asked questions
- What is CVE-2025-66481?
- CVE-2025-66481 is a critical-severity vulnerability in Thinkinaixyz Deepchat, classified under CWE-80, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), arising from improperly sanitized Mermaid diagram content. CVSS score: 9.7/10. Published 2025-12-09.
- How severe is CVE-2025-66481?
- Critical severity. CVSS v3 base score is 9.7 out of 10.