Overview
A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-66562, has been discovered in TUUI, a desktop MCP client designed for unitary utility integration. It affects versions prior to 1.3.4. By exploiting a Cross-Site Scripting (XSS) flaw in the Markdown rendering component, an attacker can execute arbitrary system commands on a victim's machine. Updating to version 1.3.4 or later addresses the issue.
Technical Details
The vulnerability stems from an XSS flaw in how TUUI renders Markdown, specifically ECharts code blocks: TUUI executes arbitrary JavaScript contained in these blocks. In addition, TUUI exposes an IPC (Inter-Process Communication) interface that allows processes to be spawned. A crafted Markdown message containing JavaScript in an ECharts block can therefore reach the IPC interface and execute arbitrary system commands on the victim's system as soon as the message is viewed.
In short, the exploit chain is an XSS that escalates to RCE: malicious JavaScript embedded in a seemingly harmless Markdown message runs when a user opens the message in a vulnerable version of TUUI, calls the IPC interface to spawn processes and run system commands, and thereby gives the attacker control over the victim's machine.
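As an added illustration that is not part of this advisory or of the TUUI code base, the following Node.js snippet shows the two defensive patterns that break the chain described above: treating a chart definition as data rather than as JavaScript to evaluate, and exposing only named, argument-validated IPC actions from the renderer instead of a generic process-spawning channel. The action names, the JSON-only chart format and the sample chart block are assumptions made for the example; how TUUI itself fixed the issue is in the commit linked under References.

```javascript
'use strict';
// Added example, not TUUI's code: defensive patterns for a Markdown-rendering
// desktop client. Names and formats here are assumptions for illustration.

// A constructed ECharts block as it might appear inside a Markdown message:
// plain JSON describing a bar chart, with no executable code in it.
const SAMPLE_CHART_BLOCK = JSON.stringify({
  xAxis: { type: 'category', data: ['Mon', 'Tue'] },
  yAxis: { type: 'value' },
  series: [{ type: 'bar', data: [3, 5] }],
});

// Pattern 1: chart definitions are data. Parse the block as JSON (which can
// never yield a function) and then vet the result, rather than evaluating
// the block's text as JavaScript.
function parseChartOption(blockText) {
  let option;
  try {
    option = JSON.parse(blockText);
  } catch (err) {
    throw new Error('chart block is not valid JSON: ' + err.message);
  }
  assertPlainData(option, 'option');
  return option;
}

// Recursively allow only null, booleans, numbers, strings, arrays and plain
// objects. Functions are rejected (an eval-based renderer would run them,
// e.g. as a tooltip formatter), and the keys that JSON.parse can still turn
// into prototype pollution are rejected too.
function assertPlainData(value, path) {
  if (value === null) return;
  const kind = typeof value;
  if (kind === 'boolean' || kind === 'number' || kind === 'string') return;
  if (Array.isArray(value)) {
    value.forEach((item, i) => assertPlainData(item, `${path}[${i}]`));
    return;
  }
  if (kind === 'object' && Object.getPrototypeOf(value) === Object.prototype) {
    for (const key of Object.keys(value)) {
      if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
        throw new Error(`disallowed key "${key}" at ${path}`);
      }
      assertPlainData(value[key], `${path}.${key}`);
    }
    return;
  }
  throw new Error(`non-data value (${kind}) at ${path}`);
}

// Pattern 2: the renderer may only invoke named actions with validated
// arguments (hypothetical names). There is deliberately no action that takes
// a command line, so an XSS in the renderer has nothing to spawn.
const ipcActions = {
  'open-external': (url) => {
    const parsed = new URL(String(url)); // throws on malformed input
    if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
      throw new Error('open-external: only http(s) URLs are allowed');
    }
    return { action: 'open-external', url: parsed.href };
  },
  'copy-text': (text) => {
    if (typeof text !== 'string' || text.length > 10000) {
      throw new Error('copy-text: expected a string of at most 10000 chars');
    }
    return { action: 'copy-text', length: text.length };
  },
};

// Stand-in for the main-process side of ipcMain.handle(): a channel not in
// the allow-list is refused, and the allow-list is checked as an own
// property so names like "toString" cannot reach Object.prototype.
function handleIpc(channel, ...args) {
  if (!Object.prototype.hasOwnProperty.call(ipcActions, channel)) {
    throw new Error(`refused IPC channel "${String(channel)}"`);
  }
  return ipcActions[channel](...args);
}

// Small demonstration of both patterns on the constructed inputs.
function demo() {
  const option = parseChartOption(SAMPLE_CHART_BLOCK);
  const opened = handleIpc('open-external', 'https://example.com/docs');
  return { series: option.series.length, opened: opened.url };
}
```

The two halves are independent: even if the renderer were compromised, the main process only ever receives a channel name and arguments it validates itself, which is the boundary a desktop client's IPC layer should enforce regardless of how Markdown is rendered.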
CVSS Analysis
Because this vulnerability allows remote code execution, it should be treated as a high-severity issue. No CVSS score was provided in the initial information, but given the RCE a score between 8.0 and 10.0 (High to Critical) would be appropriate, depending on the exploitability and impact details. Such a score reflects the potential for significant data loss, system compromise, and denial of service.
Possible Impact
The impact of this vulnerability is significant. An attacker who successfully exploits CVE-2025-66562 can:
- Gain complete control over the victim’s machine.
- Access sensitive data stored on the system.
- Install malware or ransomware.
- Use the compromised system as a staging point for further attacks.
- Disrupt normal operations of the affected system.
Mitigation or Patch Steps
The vulnerability has been fixed in TUUI version 1.3.4. The primary mitigation step is to immediately update to this version or a later release.
- Update TUUI: Download and install the latest version of TUUI (1.3.4 or later) from the official GitHub releases page: https://github.com/AI-QL/tuui/releases/tag/v1.3.4
- Verify the Update: After updating, verify that you are running the patched version of TUUI.
- Be Cautious with Markdown Messages: Until you can update, exercise extreme caution when opening Markdown messages from untrusted sources. Avoid opening messages from senders you do not recognize or that contain suspicious content.
References
- CVE ID: CVE-2025-66562
- Commit Fix: https://github.com/AI-QL/tuui/commit/f673fa5b4d76e8236c7d9506d0727875cfa79cc1
- Release v1.3.4: https://github.com/AI-QL/tuui/releases/tag/v1.3.4
- GitHub Advisory: https://github.com/AI-QL/tuui/security/advisories/GHSA-qjhq-rgmr-6c3g
