Remote Code Execution Vulnerability in 5ire AI Assistant
CVE-2025-68669

9.7 CRITICAL

Key Information:

Vendor: Nanbingxyz

CVE Published: 23 December 2025

What is CVE-2025-68669?

The 5ire AI Assistant, a cross-platform desktop application, has a vulnerability stemming from the markdown-it-mermaid plugin, which is configured with securityLevel: 'loose' in versions 0.15.2 and earlier. This configuration allows the embedding of potentially malicious HTML tags within Mermaid diagram nodes, posing a significant security risk as it may lead to remote code execution. As of the latest update, no fix has been released to address this issue.
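
A defender-side check for the setting described above, as an added example that is not code from 5ire or from this advisory: it scans source and config text for Mermaid `securityLevel` values that leave HTML in diagram labels unescaped. It goes beyond the advisory by also flagging `'antiscript'`, which Mermaid documents as allowing HTML tags other than scripts; the file names, the `mermaidPlugin` identifier and the sample contents are constructed.

```javascript
// Added example: audit text for Mermaid securityLevel settings that allow
// HTML inside diagram labels. All sample inputs below are constructed.

// Mermaid's documented levels: 'strict' encodes HTML in labels and 'sandbox'
// renders in a sandboxed iframe; 'loose' and 'antiscript' let HTML through.
const HTML_ALLOWING = new Set(['loose', 'antiscript']);

// Matches  securityLevel: 'x'   "securityLevel": "x"   securityLevel = `x`
const SETTING = /["']?securityLevel["']?\s*[:=]\s*(["'`])([A-Za-z]+)\1/g;

// files: object mapping a path to that file's text.
// Returns one finding per risky assignment: { path, line, level }.
function auditMermaidSecurityLevel(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, idx) => {
      for (const m of line.matchAll(SETTING)) {
        const level = m[2].toLowerCase();
        if (HTML_ALLOWING.has(level)) {
          findings.push({ path, line: idx + 1, level });
        }
      }
    });
  }
  return findings;
}

// Constructed sample tree (hypothetical paths and identifiers).
const SAMPLE_FILES = {
  'renderer/markdown.js': [
    'md.use(mermaidPlugin, {',
    '  startOnLoad: false,',
    "  securityLevel: 'loose',",
    '});',
  ].join('\n'),
  'renderer/preview.js': "mermaid.initialize({ securityLevel: 'strict' });",
  'config/mermaid.json': '{ "theme": "dark", "securityLevel": "antiscript" }',
};

for (const f of auditMermaidSecurityLevel(SAMPLE_FILES)) {
  console.log(`${f.path}:${f.line} securityLevel '${f.level}' allows HTML in labels`);
}
```

The match is textual, so a commented-out assignment is also reported and each finding needs a manual look.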

Affected Version(s)

5ire <= 0.15.2

CVSS V3.1

Score: 9.7
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
