CVE-2025-58357

Published
View on NVD ↗
CVSS v3
9.6
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP servers, and exploited tool integrations. This is fixed in version 0.14.0.

nanbingxyz/5ire
nanbingxyz/5ire
5ire is a cross-platform desktop AI assistant, MCP client. It compatible with major service providers, supports local knowledge base and tools via model context protocol servers .
GitHubGitHub
5.24K