CVE-2025-47777

Name: CVE-2025-47777
Creator: NVD / NIST
Published: 2025-05-14T16:15:28.957+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.6/10EPSS 0.81%

Last modified Jun 17, 2026

CVE-2025-47777 is a critical-severity vulnerability rated 9.6/10 on the CVSS scale. 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. EPSS estimates a 0.81% chance of exploitation in the next 30 days.

Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.

Metrics

CVSS 3.1

9.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Probability

0.81%

52.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
5ire	5ire	< 0.11.1

References

https://github.com/nanbingxyz/5ire/commit/56601e012095194a4be0d4cb6da6b5b3cb53dea8Patch
https://github.com/nanbingxyz/5ire/security/advisories/GHSA-mr8w-mmvv-6hq8Vendor Advisory
https://positive.security/blog/url-open-rceNot Applicable
https://shabarkin.notion.site/1-click-RCE-in-Electron-Applications-501c2e96e7934610979cd3c72e844a22Not Applicable
https://www.electronjs.org/docs/latest/tutorial/securityNot Applicable
https://www.youtube.com/watch?v=ROFYhS9E9eUExploit

Timeline

Published: May 14, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-47777?

How severe is CVE-2025-47777?

CVE-2025-47777 has a CVSS score of 9.6/10 (CRITICAL severity). The EPSS model estimates a 0.81% probability of exploitation in the next 30 days.

How do I fix CVE-2025-47777?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-47777?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST