DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2025-66580

Critical

Low Medium High Critical

9.6

CVSS Score

Published: Dec 19, 2025

Last Modified: Jan 02, 2026

Vulnerability Description

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary JavaScript via `javascript:`. An attacker can exploit this to inject a malicious Model Context Protocol (MCP) server configuration, leading to Remote Code Execution (RCE) on the victim's machine when the node is clicked. Version 0.11.1 fixes the issue.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

39 configuration(s) from 1 vendor(s)

dive

Version:

0.9.3

CPE:

cpe:2.3:a:openagentplatform:dive:0.9.3:*:*:*:*:*:*:*

dive

Version:

0.8.7

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.7:*:*:*:*:*:*:*

dive

Version:

0.6.3

CPE:

cpe:2.3:a:openagentplatform:dive:0.6.3:*:*:*:*:*:*:*

dive

Version:

0.7.6

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.6:*:*:*:*:*:*:*

dive

Version:

0.7.4

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.4:*:*:*:*:*:*:*

dive

Version:

0.7.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.1:*:*:*:*:*:*:*

dive

Version:

0.7.7

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.7:*:*:*:*:*:*:*

dive

Version:

0.3.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.3.0:*:*:*:*:*:*:*

dive

Version:

0.5.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.5.0:*:*:*:*:*:*:*

dive

Version:

0.1.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.1.0:*:*:*:*:*:*:*

dive

Version:

0.9.2

CPE:

cpe:2.3:a:openagentplatform:dive:0.9.2:*:*:*:*:*:*:*

dive

Version:

0.4.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.4.0:*:*:*:*:*:*:*

dive

Version:

0.7.3

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.3:*:*:*:*:*:*:*

dive

Version:

0.6.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.6.1:*:*:*:*:*:*:*

dive

Version:

0.9.4

CPE:

cpe:2.3:a:openagentplatform:dive:0.9.4:*:*:*:*:*:*:*

dive

Version:

0.8.5

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.5:*:*:*:*:*:*:*

dive

Version:

0.8.9

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.9:rc1:*:*:*:*:*:*

dive

Version:

0.8.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.0:*:*:*:*:*:*:*

dive

Version:

0.2.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.2.1:*:*:*:*:*:*:*

dive

Version:

0.3.2

CPE:

cpe:2.3:a:openagentplatform:dive:0.3.2:*:*:*:*:*:*:*

dive

Version:

0.6.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.6.0:*:*:*:*:*:*:*

dive

Version:

0.9.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.9.0:*:*:*:*:*:*:*

dive

Version:

0.8.2

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.2:*:*:*:*:*:*:*

dive

Version:

0.2.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.2.0:*:*:*:*:*:*:*

dive

Version:

0.7.5

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.5:*:*:*:*:*:*:*

dive

Version:

0.9.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.9.1:*:*:*:*:*:*:*

dive

Version:

0.3.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.3.1:*:*:*:*:*:*:*

dive

Version:

0.8.3

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.3:*:*:*:*:*:*:*

dive

Version:

0.7.8

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.8:*:*:*:*:*:*:*

dive

Version:

0.7.0

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.0:*:*:*:*:*:*:*

dive

Version:

0.8.8

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.8:*:*:*:*:*:*:*

dive

Version:

0.8.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.1:*:*:*:*:*:*:*

dive

Version:

0.7.2

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.2:*:*:*:*:*:*:*

dive

Version:

0.5.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.5.1:*:*:*:*:*:*:*

dive

Version:

0.7.9

CPE:

cpe:2.3:a:openagentplatform:dive:0.7.9:*:*:*:*:*:*:*

dive

Version:

0.8.6

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.6:*:*:*:*:*:*:*

dive

Version:

0.6.2

CPE:

cpe:2.3:a:openagentplatform:dive:0.6.2:*:*:*:*:*:*:*

dive

Version:

0.8.4

CPE:

cpe:2.3:a:openagentplatform:dive:0.8.4:*:*:*:*:*:*:*

dive

Version:

0.1.1

CPE:

cpe:2.3:a:openagentplatform:dive:0.1.1:*:*:*:*:*:*:*

This vulnerability affects 39 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

9.6

out of 10.0

Critical

Key Information

Published Date: December 19, 2025

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

Critical Severity Vulnerability

CVE-2025-66580

Vulnerability Description

CVSS Metrics

Known Affected Software

openagentplatform

References & Resources

Severity Details

Key Information

External Resources