- Description
- 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-20
- Hype score
- Not currently trending
CVE-2025-47777 (CVSS:9.6, CRITICAL) is Awaiting Analysis. 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to ..https://t.co/o1WbwcefCJ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
19 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47777 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scr… https://t.co/KFVkha63ao
@CVEnew
14 May 2025
185 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-47777: CRITICAL] Vulnerable cross-platform AI assistant 5ire versions prior to 0.11.1 expose users to Remote Code Execution due to stored XSS in chatbot responses. Update to the patched release.#cve,CVE-2025-47777,#cybersecurity https://t.co/PkbQb5U4CZ https://t.co/w18c
@CveFindCom
14 May 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes