CVE-2025-51860: Stored XSS Vulnerability in TelegAI Chat and Character Components
A stored Cross-Site Scripting (XSS) vulnerability has been identified in TelegAI, potentially allowing attackers to execute arbitrary client-side scripts and compromise user accounts. This blog post details the vulnerability, its impact, and steps you can take to protect yourself.
Vulnerability Details
- CVE ID: CVE-2025-51860
- Description: Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in the description, greeting, example dialog, or system prompt field. When a user interacts with such a malicious AI Character, or simply browses its profile, the script executes in the user's browser.
- CVSS Score: 6.1 (Medium)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CVSS Explanation: This vulnerability is rated as medium because it requires user interaction (clicking on a malicious character or profile) to be exploited. An attacker can inject malicious code that runs in the context of the user's browser, potentially stealing cookies or redirecting the user to a phishing site. The impact on confidentiality and integrity is limited, and availability is not affected.
- Exploit Requirements: The attacker needs to create a malicious AI Character within TelegAI with a specially crafted payload. Users must then interact with this character, either through chat or by viewing its profile.
- Affected Vendor: TelegAI (telegai.com)
- Affected Product: TelegAI Chat and Character Components
- Affected Version: The deployed instance as identified on 2025-05-26, and all earlier versions.
- CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - This means the application does not properly sanitize user-supplied input before displaying it in a web page, allowing an attacker to inject malicious scripts.
Timeline of Events
- 2025-05-26: Vulnerability identified in TelegAI.
- 2025-07-22: CVE-2025-51860 assigned and published.
Exploitability & Real-World Risk
The exploitability of this vulnerability is considered moderate. An attacker with a TelegAI account can create malicious AI characters and attempt to lure other users into interacting with them. The real-world risk is significant, especially given the potential for account hijacking through session token theft. If successful, an attacker could gain unauthorized access to user accounts, potentially leading to data breaches, financial fraud, or other malicious activities. This type of flaw can be used for phishing attacks, defacement, or even to spread malware.
Recommendations
- Patching: Apply the latest security patches released by TelegAI as soon as they become available.
- Input Validation: TelegAI should implement robust input validation and sanitization measures to prevent XSS attacks. Special characters in these fields should be encoded for the context in which they are rendered (HTML text or attribute value), so that SVG or HTML markup is displayed as text rather than interpreted by the browser.
- Content Security Policy (CSP): Implement a strong Content Security Policy to restrict the sources from which the browser is allowed to load resources. This can help mitigate the impact of XSS attacks.
- User Awareness: Educate users about the risks of interacting with unknown or suspicious AI characters.
Technical Insight
The vulnerability lies in the way TelegAI handles user-supplied input when creating and displaying AI characters. By injecting malicious SVG code into the character's description, greeting, example dialog, or system prompt, an attacker can cause the browser to execute arbitrary JavaScript code when a user views or interacts with the character. This happens because the application fails to properly sanitize the input, allowing the SVG payload to be interpreted as executable code.
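The following is an added illustration, not TelegAI's code, of the two defensive measures the Recommendations section calls for: context-aware output encoding of the four character fields named above, plus a simple pre-save detector a moderation pipeline could use to flag submissions carrying SVG, script, or inline event-handler markup. The field names, the `renderCharacterCard` and `flagActiveContent` functions, and the sample character are assumptions constructed for this example.

```javascript
// Added example (not TelegAI's own code). Character field names below are
// assumed; they mirror the injection points the advisory describes.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for insertion into an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Fields of an AI character that the advisory identifies as injection points.
const CHARACTER_FIELDS = ["description", "greeting", "exampleDialog", "systemPrompt"];

// Build the profile card markup with every user-controlled field encoded,
// so SVG or HTML in a field is shown as text instead of being interpreted.
function renderCharacterCard(character) {
  const rows = CHARACTER_FIELDS.map(
    (f) => `<dt>${escapeHtml(f)}</dt><dd>${escapeHtml(character[f] ?? "")}</dd>`
  );
  return `<dl class="character">${rows.join("")}</dl>`;
}

// Heuristic pre-save check: returns the names of fields that contain SVG,
// script, embedded-object, or inline event-handler markup so the submission
// can be logged or held for review. Output encoding remains the real control.
const ACTIVE_CONTENT = /<\s*(svg|script|iframe|object|embed|math)\b|\bon[a-z]+\s*=|javascript:/i;

function flagActiveContent(character) {
  return CHARACTER_FIELDS.filter((f) => ACTIVE_CONTENT.test(String(character[f] ?? "")));
}

// Constructed sample: a character whose description carries an SVG payload
// of the kind the advisory describes; the other fields are benign.
const sampleCharacter = {
  description: '<svg onload="alert(1)">Helpful bot</svg>',
  greeting: "Hi there!",
  exampleDialog: "User: hello\nBot: hello",
  systemPrompt: "Be helpful & concise",
};
```

Running `renderCharacterCard(sampleCharacter)` yields markup in which the `<svg>` tag appears only as `&lt;svg ...&gt;` text, and `flagActiveContent(sampleCharacter)` names `description` as the only field needing review.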
Credit to Researcher(s)
This vulnerability was discovered by Secsys-FDU.
Tags
#XSS #CVE-2025-51860 #TelegAI #WebSecurity #Vulnerability #SecurityAdvisory
Summary: A stored XSS vulnerability in TelegAI allows attackers to inject malicious scripts via AI character configurations. Successful exploitation can lead to account hijacking and data theft. Apply security patches and be cautious when interacting with unknown AI characters.
Risk Analysis: Successful exploitation can lead to the theft of sensitive information, such as session tokens, potentially resulting in account hijacking. An attacker could gain unauthorized access to user accounts, potentially leading to data breaches, financial fraud, or other malicious activities.
Recommendation: Apply the latest security patches, implement robust input validation, enforce a strong Content Security Policy (CSP), and educate users about the risks of interacting with unknown AI characters.