CVE-2025-59417 (published 2025-09-18)
Priority P431 · Severity: medium · Score: 6.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.37% (28.9th percentile)
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability in lobe-chat's handling of chat messages that can be escalated to remote code execution on the user's machine. In lobe-chat, when the response from the server takes the artifact form, it is rendered with the lobeArtifact node instead of as plain text. However, when the type of the lobeArtifact is image/svg+xml, it is rendered by the SVGRender component, which internally uses dangerouslySetInnerHTML to set the content of the SVG, resulting in an XSS attack. Any party capable of injecting content into chat messages, such as hosting a malicious page for prompt injection, operating a compromised MCP server, or leveraging tool integrations, can exploit this vulnerability. This vulnerability is fixed in 1.129.4.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lobehub | chat | >= 0 < 1.129.4 | 1.129.4 |
| lobehub | lobe-chat | < 1.129.4 | 1.129.4 |
| lobehub | lobe_chat | < 1.129.4 | 1.129.4 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 4.0 | 6.8 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA · 2025-09-18
CVE-2025-59417 [MEDIUM] CWE-79: Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
### Summary
We identified a cross-site scripting (XSS) vulnerability in lobe-chat's handling of chat messages that can be escalated to remote code execution on the user's machine. Any party capable of injecting content into chat messages, such as hosting a malicious page for prompt injection, operating a compromised MCP server, or leveraging tool integrations, can exploit this vulnerability.
### Vulnerability Details
**XSS via SVG Rendering**
In lobe-chat, when the response from the server is like ``, it is rendered with the `lobeArtifact` node instead of as plain text.
https://github.com/lobehub/lobe-chat/blob/0a1dcf943ea294e35acbe57d07f7974efede8e2e/src/features/Conversation/components/MarkdownEle
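The advisory describes the weak pattern: an artifact of type `image/svg+xml` is handed to a component that writes the SVG into the DOM with `dangerouslySetInnerHTML`, so any script-capable construct in the SVG runs in the chat UI. The block below is an added illustration written for this page, not lobe-chat's code and not its 1.129.4 fix: the artifact shape `{ type, content }`, the function names and the sample payloads are assumptions. It contrasts the weak render plan with a hardened one that never offers an inline-HTML path for chat-supplied SVG (the SVG is delivered through an `<img>` data URL, which browsers load as a script-disabled image document) and adds an audit step that flags active content for logging and detection.

```javascript
// Added example for CVE-2025-59417 (not lobe-chat code). Artifact shape,
// function names and sample payloads are assumptions made for this page.

// Constructs that can run script or pull remote content from inside an SVG.
// This list feeds telemetry/detection only; the hardened render decision
// below does NOT rely on it being complete (regex filters are bypassable).
const ACTIVE_SVG_PATTERNS = [
  { reason: 'script element', re: /<\s*script\b/i },
  { reason: 'event handler attribute', re: /\son\w+\s*=/i },
  { reason: 'javascript: URL', re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
  { reason: 'foreignObject (embeds arbitrary HTML)', re: /<\s*foreignObject\b/i },
  { reason: 'external resource reference', re: /(?:href|src)\s*=\s*["']?\s*(?:https?:)?\/\//i },
];

// Returns the list of reasons an SVG payload looks active; empty means clean.
function auditSvg(svgText) {
  return ACTIVE_SVG_PATTERNS.filter((p) => p.re.test(svgText)).map((p) => p.reason);
}

// Escape text so it can be placed in HTML without being parsed as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Wrap SVG source in a data: URL for an <img> element. Buffer is Node-only;
// in a browser use btoa(unescape(encodeURIComponent(svgText))) instead.
function svgToDataUrl(svgText) {
  return 'data:image/svg+xml;base64,' + Buffer.from(svgText, 'utf8').toString('base64');
}

// WEAK pattern (the shape the advisory describes): SVG content goes straight
// into innerHTML, so <script>, on* handlers and foreignObject all execute.
function planArtifactRenderWeak(artifact) {
  if (artifact.type === 'image/svg+xml') {
    return { mode: 'inline-html', html: artifact.content };
  }
  return { mode: 'text', html: escapeHtml(artifact.content) };
}

// HARDENED pattern: chat-supplied SVG is only ever shown as an image.
// An <img> (including a data: URL) never runs script and cannot reach the
// page DOM, so the inline-html mode simply does not exist for this type.
// Anything else is escaped and shown as text.
function planArtifactRenderHardened(artifact) {
  if (artifact.type === 'image/svg+xml') {
    return {
      mode: 'img',
      src: svgToDataUrl(artifact.content),
      findings: auditSvg(artifact.content), // for logging / alerting
    };
  }
  return { mode: 'text', html: escapeHtml(artifact.content), findings: [] };
}

// Constructed sample artifacts (not real captured chat traffic).
const BENIGN_ARTIFACT = {
  type: 'image/svg+xml',
  content: '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">' +
    '<circle cx="5" cy="5" r="4" fill="teal"/></svg>',
};
const ACTIVE_ARTIFACT = {
  type: 'image/svg+xml',
  content: '<svg xmlns="http://www.w3.org/2000/svg" onload="/* handler */">' +
    '<script>/* attacker-controlled body */</script></svg>',
};

// Stand-alone run: show how each plan treats the two payloads.
for (const a of [BENIGN_ARTIFACT, ACTIVE_ARTIFACT]) {
  console.log('weak     :', planArtifactRenderWeak(a).mode);
  const h = planArtifactRenderHardened(a);
  console.log('hardened :', h.mode, h.findings.length ? h.findings : 'clean');
}
```

The design point is that the hardened plan does not try to sanitize: it changes the rendering context so that script inside the SVG has nowhere to run, and keeps the audit findings as a signal for detection engineering (a spike of artifacts flagged with `script element` or `event handler attribute` is worth an alert even though the render path is already safe).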
OSV · 2025-09-18
CVE-2025-59417 [MEDIUM] Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-18