CVE-2025-55733 — CRITICAL (9.6)

Vulnerability Description

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Thinkinai	Deepchat	0.3.0

Related Weaknesses (CWE)

CWE-94

References

https://github.com/ThinkInAIXYZ/deepchat/commit/a0ff6f362e01ddceb7fd42d0af0b28b6Patch
https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2jExploitVendor Advisory
https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2jExploitVendor Advisory

FAQ

What is CVE-2025-55733?

CVE-2025-55733 is a vulnerability with a CVSS score of 9.6 (CRITICAL). DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability b...

How severe is CVE-2025-55733?

CVE-2025-55733 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-55733?

Check the references section above for vendor advisories and patch information. Affected products include: Thinkinai Deepchat.