{"id":"CVE-2025-55733","summary":"DeepChat One-click Remote Code Execution through Custom URL Handling","details":"DeepChat is a smart assistant that connects powerful AI to your personal world.  DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1.","aliases":["GHSA-hqr4-4gfc-5p2j"],"modified":"2026-07-15T01:48:51.689030400Z","published":"2025-08-19T18:26:38.741Z","database_specific":{"cwe_ids":["CWE-94"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55733.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55733.json"},{"type":"ADVISORY","url":"https://github.com/ThinkInAIXYZ/deepchat/security/advisories/GHSA-hqr4-4gfc-5p2j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55733"},{"type":"FIX","url":"https://github.com/ThinkInAIXYZ/deepchat/commit/a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/thinkinaixyz/deepchat","events":[{"introduced":"7174593870e6c432d7fcda3b4697bbaf6e1c7d22"},{"fixed":"a0ff6f362e01ddceb7fd42d0af0b28b6184fb4d2"}],"database_specific":{"cpe":"cpe:2.3:a:thinkinai:deepchat:0.3.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0.3.0"},{"last_affected":"0.3.0"}],"source":["CPE_STRING","REFERENCES"]}}],"versions":["0.3.0","v0.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55733.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}