How severe is CVE-2025-47777?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2025-47777?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2025-47777

CRITICAL Year: 2025

CVSS v3 Score

9.6

Critical

Weakness Type

CWE-20

View all →

Vulnerability Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue.

CVE-2016-1706

CRITICAL

CVSS:9.6(Critical)

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows rem...

CWE-202016

CVE-2017-14589

CRITICAL

CVSS:9.6(Critical)

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a...

CWE-202017

CVE-2017-15402

CRITICAL

CVSS:9.6(Critical)

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior...

CWE-202017

CVE-2018-0104

CRITICAL

CVSS:9.6(Critical)

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker...

CWE-202018

CVE-2018-0264

CRITICAL

CVSS:9.6(Critical)

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targe...

CWE-202018

CVE-2018-11314

CRITICAL

CVSS:9.6(Critical)

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be ex...

CWE-202018

CVE-2025-47777

Vulnerability Description

Related Vulnerabilities

CVE-2016-1706

CVE-2017-14589

CVE-2017-15402

CVE-2018-0104

CVE-2018-0264

CVE-2018-11314