CVE-2025-59053CRITICAL 9.6EPSS p40.1%
CVE-2025-59053CVE-2025-59053
Description
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the `packages/stage-ui/src/components/MarkdownRenderer.vue` path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An attacker creates a card file containing malicious HTML/JavaScript, then simply processes it using the highlightTagToHtml function (which simply replaces template tags without HTML escaping), and then directly renders it using v-html, leading to cross-site scripting (XSS). The project also exposes the Tauri API, which can be called from the frontend. The MCP plugin exposes a command execution interface function in `crates/tauri-plugin-mcp/src/lib.rs`. This allows arbitrary command execution. `connect_server` directly passes the user-supplied `command` and `args` parameters to `Command::new(command).args(args)` without any input validation or whitelisting. Thus, the previous XSS exploit could achieve command execution through this interface. v0.7.2-beta.3 fixes the issue.
Scoring
| CVSS 3.1 | 9.6 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| EPSS | 0.52% probability of exploitation · percentile 40.1% · 2026-06-18T12:00:27Z |
| Published | 2025-09-11 |
| Last modified | 2026-04-15 |
Underlying weaknesses· 1
References
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Control of Generation of Code ('Code Injection')cwe-94 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.