CVE-2025-58176: 
Dive vulnerability analysis and mitigation

A critical remote code execution (RCE) vulnerability was discovered in Dive, an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. The vulnerability, tracked as CVE-2025-58176, affects versions 0.9.0 through 0.9.3 and was disclosed on September 3, 2025. The flaw allows attackers to execute arbitrary code on victims' machines through a maliciously crafted custom URL using the 'transport' parameter in a JSON object (NVD, Security Online).

The vulnerability stems from improper processing of custom URLs in Dive's URL handler. When processing a 'dive://' URL, the application extracts the 'name' and 'config' parameters, where the config can include installation commands for MCP servers. If the 'transport' value is set to 'stdio', the application executes the specified command with provided arguments without proper validation. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability (GitHub Advisory).

The vulnerability enables attackers to achieve remote code execution on victims' machines that have Dive installed. This can occur through two attack scenarios: when a victim visits a malicious website that automatically redirects to the crafted URL, or when a victim clicks on a malicious link embedded in legitimate websites or user-generated content. The successful exploitation leads to arbitrary code execution with the privileges of the Dive application (GitHub Advisory).

The vulnerability has been patched in Dive version 0.9.4. Users running affected versions (0.9.0 through 0.9.3) are strongly urged to upgrade immediately to the latest version to mitigate the risk of exploitation (NVD).