5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP servers, and exploited tool integrations. This is fixed in version 0.14.0.
Metrics
Affected Vendors & Products
References
History
Thu, 04 Sep 2025 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP servers, and exploited tool integrations. This is fixed in version 0.14.0. | |
Title | 5ire Chat Message XSS Vulnerability Enables Remote Code Execution | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-09-04T00:30:09.292Z
Reserved: 2025-08-29T16:19:59.010Z
Link: CVE-2025-58357

No data.

No data.

No data.

No data.