Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-47777
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2025 | 16:15
Updated At-22 Jan, 2026 | 21:26

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
5ire
5ire
>>5ire>>Versions before 0.11.1(exclusive)
cpe:2.3:a:5ire:5ire:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysecurity-advisories@github.com
CWE-79Secondarysecurity-advisories@github.com
CWE ID: CWE-20
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-79
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/nanbingxyz/5ire/commit/56601e012095194a4be0d4cb6da6b5b3cb53dea8security-advisories@github.com
Patch
https://github.com/nanbingxyz/5ire/security/advisories/GHSA-mr8w-mmvv-6hq8security-advisories@github.com
Vendor Advisory
https://positive.security/blog/url-open-rcesecurity-advisories@github.com
Not Applicable
https://shabarkin.notion.site/1-click-RCE-in-Electron-Applications-501c2e96e7934610979cd3c72e844a22security-advisories@github.com
Not Applicable
https://www.electronjs.org/docs/latest/tutorial/securitysecurity-advisories@github.com
Not Applicable
https://www.youtube.com/watch?v=ROFYhS9E9eUsecurity-advisories@github.com
Exploit
Hyperlink: https://github.com/nanbingxyz/5ire/commit/56601e012095194a4be0d4cb6da6b5b3cb53dea8
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/nanbingxyz/5ire/security/advisories/GHSA-mr8w-mmvv-6hq8
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: https://positive.security/blog/url-open-rce
Source: security-advisories@github.com
Resource:
Not Applicable
Hyperlink: https://shabarkin.notion.site/1-click-RCE-in-Electron-Applications-501c2e96e7934610979cd3c72e844a22
Source: security-advisories@github.com
Resource:
Not Applicable
Hyperlink: https://www.electronjs.org/docs/latest/tutorial/security
Source: security-advisories@github.com
Resource:
Not Applicable
Hyperlink: https://www.youtube.com/watch?v=ROFYhS9E9eU
Source: security-advisories@github.com
Resource:
Exploit
Change History
0Changes found
Details not found