AI security incident: CVE-2025-68669 (NVD)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.
Impact
Severity HIGH. Confidence 89%. Source channel: NVD.
Recommended Response
- Validate whether your organization uses the affected AI tool, model, or integration path.
- Apply vendor patches or mitigations and restrict risky permissions until validated.
- Monitor logs for related indicators and document containment actions for compliance evidence.
Sources
Want alerts like this in real time?
Get notified with incident context, likely impact, and response guidance.
Get Notified