CVE-2025-59417: 
JavaScript vulnerability analysis and mitigation

Lobe Chat, an open-source artificial intelligence chat framework, was found to contain a critical vulnerability (CVE-2025-59417) prior to version 1.129.4. The vulnerability involves a cross-site scripting (XSS) attack vector in the chat message handling system that could be escalated to remote code execution on the user's machine. The issue was discovered and disclosed on September 18, 2025, affecting all versions up to 1.129.3 (GitHub Advisory, NVD).

The vulnerability stems from improper handling of SVG content in the chat message renderer. When the lobeArtifact type is set to 'image/svg+xml', the SVGRender component uses dangerouslySetInnerHTML to render the content without proper sanitization. This implementation allows for arbitrary JavaScript execution through SVG payload injection. The vulnerability received a CVSS v4.0 score of 6.8 (Medium) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P (GitHub Advisory).

The vulnerability enables attackers to achieve full remote code execution by injecting crafted chat messages. Any party capable of injecting content into chat messages, whether through hosting a malicious page for prompt injection, operating a compromised MCP server, or leveraging tool integrations, can exploit this vulnerability to execute arbitrary code on the user's machine (GitHub Advisory, Miggo).

The vulnerability has been patched in version 1.129.4 through the implementation of SVG content sanitization using DOMPurify. The fix includes adding proper sanitization before rendering SVG content and implementing strict validation of external link handling (GitHub Commit).