CVE-2025-59417: Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages

CVSS Score
6.1 (CVSS v3.1)

Basic Information

EPSS Score
-
Published
9/18/2025
Updated
9/18/2025
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
| Package Name  | Ecosystem | Vulnerable Versions | First Patched Version |
|---------------|-----------|---------------------|-----------------------|
| @lobehub/chat | npm       | <= 1.129.3          | 1.129.4               |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability analysis identified a two-stage exploit chain leading to Remote Code Execution. The root cause is a Cross-Site Scripting (XSS) vulnerability in the SVGRenderer component, located in src/features/Portal/Artifacts/Body/Renderer/SVG.tsx. This component unsafely uses dangerouslySetInnerHTML to render SVG content from chat messages, allowing attackers to execute arbitrary JavaScript. The patch commit 9f044edd07ce102fe9f4b2fb47c62191c36da05c confirms this by introducing SVG sanitization using DOMPurify right before the content is rendered.

The second stage of the attack involves escalating the XSS to RCE. The vulnerability description points to the SystemCtr.openExternalLink method in apps/desktop/src/main/controllers/SystemCtr.ts. This IPC function can be called from the compromised renderer process to open any link, including local files using the file:// protocol, without validation. This allows the execution of arbitrary applications on the host system. While the provided patch focuses on fixing the XSS entry point, SystemCtr.openExternalLink remains the critical function that enables the escalation to RCE and is therefore a key part of this vulnerability.

Vulnerable functions

SVGRenderer
src/features/Portal/Artifacts/Body/Renderer/SVG.tsx
The `SVGRenderer` component is a React functional component that directly renders SVG content from a chat message using `dangerouslySetInnerHTML`. The `content` prop, which holds the SVG string, is not sanitized before being passed to `dangerouslySetInnerHTML`. This allows an attacker to inject a malicious SVG payload containing executable JavaScript (e.g., via an `onerror` event on an `<img>` tag), leading to a Cross-Site Scripting (XSS) vulnerability in the application's renderer process.
SystemCtr.openExternalLink
apps/desktop/src/main/controllers/SystemCtr.ts
This function is an IPC handler exposed to the renderer process. It takes a string `link` and executes `shell.openExternal(link)` without any validation on the protocol or target. An attacker who has achieved XSS in the renderer process (via the `SVGRenderer` vulnerability) can invoke this function with a `file://` URL pointing to a local executable. This allows the XSS to be escalated to full Remote Code Execution on the user's machine.
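The two functions above are the two stages of the chain, and each has a straightforward defensive check. The following TypeScript is an added example, not code from Lobe Chat or from the patch: `findActiveSvgContent` flags SVG strings that carry script-capable markup so a renderer can refuse or log them before anything reaches `dangerouslySetInnerHTML`, and `isAllowedExternalLink` is the protocol allowlist that an IPC handler like `SystemCtr.openExternalLink` lacks, applied in `openExternalLinkGuarded` with the opener injected so it runs without Electron. The function names, the pattern list and the sample SVG strings are all constructed for this example.

```typescript
// Added example, not Lobe Chat code. Two checks that mirror the two stages of
// the CVE-2025-59417 chain: active content in SVG markup, and unvalidated
// schemes reaching shell.openExternal. All names here are hypothetical.

// Stage 1: markup patterns that can execute script when SVG is injected into
// an HTML document. This is a string-level tripwire for logging or blocking;
// it does not replace a real sanitizer (the patch uses DOMPurify), because
// entity-encoded or otherwise obfuscated payloads evade regular expressions.
const ACTIVE_CONTENT_PATTERNS: Array<[string, RegExp]> = [
  ['script element', /<\s*script\b/i],
  ['event handler attribute', /\son[a-z]+\s*=/i],
  ['javascript: URI', /(?:href|src)\s*=\s*["']?\s*javascript:/i],
  ['foreignObject element', /<\s*foreignObject\b/i],
];

// Returns the names of every pattern that matches; an empty array means
// nothing was flagged.
function findActiveSvgContent(svg: string): string[] {
  return ACTIVE_CONTENT_PATTERNS.filter(([, re]) => re.test(svg)).map(([name]) => name);
}

// Stage 2: only navigable web and mail schemes may leave the app. file:,
// javascript: and OS-specific handlers are rejected. The WHATWG URL parser
// lower-cases the scheme, so "FILE://" cannot slip past the comparison.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

function isAllowedExternalLink(link: string): boolean {
  let url: URL;
  try {
    url = new URL(link); // relative paths and malformed input throw here
  } catch {
    return false;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return false;
  // http(s) links must name a host; a scheme with an empty host is not opened.
  if (url.protocol !== 'mailto:' && url.hostname === '') return false;
  return true;
}

interface OpenResult {
  opened: boolean;
  reason?: string;
}

// The guard as a main-process IPC handler would apply it. `open` stands in for
// Electron's shell.openExternal so the logic is testable without Electron.
function openExternalLinkGuarded(link: string, open: (url: string) => void): OpenResult {
  if (!isAllowedExternalLink(link)) {
    return { opened: false, reason: `blocked link with disallowed scheme or host: ${link}` };
  }
  open(link);
  return { opened: true };
}

// Constructed sample inputs (not taken from the advisory).
const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><circle cx="5" cy="5" r="4" fill="red"/></svg>';
const HOSTILE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg"><img src="x" onerror="console.log(\'xss\')"/></svg>';

console.log(findActiveSvgContent(BENIGN_SVG)); // []
console.log(findActiveSvgContent(HOSTILE_SVG)); // ['event handler attribute']
console.log(openExternalLinkGuarded('https://example.com/docs', (u) => console.log('open', u)));
console.log(openExternalLinkGuarded('file:///tmp/example', (u) => console.log('open', u)));
```

The scheme check belongs in the main-process handler, not in the renderer: a renderer that has already run attacker-controlled script is exactly the caller the handler must distrust, so any validation done on the renderer side is bypassable. For the rendering stage, the heuristic above is only a detection aid; the actual fix is to sanitize the SVG string (DOMPurify, as the patch does) before it is handed to `dangerouslySetInnerHTML`.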

WAF Protection Rules

WAF Rule

Summary
We identified a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on the user's machine. Any party capable of injecting content into chat messages, such as hos
