CVE-2025-58176

HIGH

Dive 0.9.0-0.9.3 - Remote Code Execution via Custom URL Transport Parameter

Title source: llm

Description

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, `transport` in the JSON object. An attacker can exploit the vulnerability in the following two scenarios: a victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or a victim clicks on such a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes Dive's custom URL handler (dive:), which launches the Dive app and processes the crafted URL, leading to arbitrary code execution on the victim’s machine. This vulnerability is caused by improper processing of custom url. This is fixed in version 0.9.4.

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-2r34-7pgx-vvrc

Patch x_refsource_misc

https://github.com/OpenAgentPlatform/Dive/commit/acae6d40354d380f69f8241e9122a43ff64cff11

View Patch ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0770

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

openagentplatform/dive 0.9.0 - 0.9.4

Published Sep 03, 2025

Tracked Since Feb 18, 2026