The Open Agent Platform has issued a security advisory warning of a critical vulnerability in its Dive desktop application, tracked as CVE-2025-58176 (CVSS 8.8). The flaw exposes users to remote code execution (RCE) risks triggered through a maliciously crafted custom URL.
Dive is an open-source MCP Host Desktop Application that integrates with any LLM that supports function calling.
According to the advisory, “A one-click remote code execution (RCE) in the latest version (v0.9.3) of Dive triggered from a custom url in the form of dive:.”
Attackers can exploit the issue in two ways:
- Redirecting a victim from a malicious website to the crafted dive:// link.
- Embedding the link in legitimate websites, social media, or user-generated content.
In both cases, when the victim’s browser processes the dive:// handler, the Dive application is launched, and the crafted URL leads to arbitrary code execution on the machine.
The problem stems from how Dive processes custom URLs. The handler in deeplink.ts extracts the name and config parameters, which can include installation commands for MCP servers.
The advisory notes: “When the value of ‘transport’ is ‘stdio’, the command will execute with the args. For example, the config will lead to execution of python3 my_script.py.”
The provided proof-of-concept shows how attackers could trigger execution of arbitrary commands. For instance, on macOS, a crafted config could be used to launch Calculator.
By encoding this configuration into Base64 and embedding it in the custom URL, attackers could weaponize the exploit into a working proof-of-concept link.
The advisory stresses: “This vulnerability causes remote code execution on the victim’s machine if they have Dive installed. The problem exists in the most up to date Dive (v0.9.3).”
Given its one-click nature and the trivial PoC, this RCE poses a serious risk, especially if combined with phishing or social engineering campaigns.
The vulnerability has been fixed in Dive version 0.9.4. Users are strongly urged to upgrade immediately.
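The handler behaviour described above comes down to link-supplied data reaching a process launch. The following sketch treats the name and config parameters as untrusted input and never returns anything stronger than a request for user confirmation. It is an added example, not Dive's code or the 0.9.4 patch; the `install` link host, the JSON layout of the decoded config and the `reviewDeepLink` name are assumptions.

```javascript
// Added illustration, not Dive's code or its 0.9.4 patch.
// "name", "config", "transport", "command", "args" come from the advisory text;
// the JSON layout and the "install" link host are assumptions.
const MAX_CONFIG_CHARS = 4096;

const reject = (reason) => ({ action: "reject", reason });

// Decide what to do with a deep link. Nothing here starts a process: the
// strongest outcome is "confirm", which the UI must show before anything runs.
function reviewDeepLink(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return reject("unparseable URL");
  }
  if (url.protocol !== "dive:") return reject("not a dive: link");

  const name = url.searchParams.get("name");
  const encoded = url.searchParams.get("config");
  if (!name || !encoded) return reject("missing name or config");
  if (encoded.length > MAX_CONFIG_CHARS) return reject("config too large");
  if (!/^[A-Za-z0-9+/_-]+={0,2}$/.test(encoded)) return reject("config is not Base64");

  let config;
  try {
    config = JSON.parse(Buffer.from(encoded, "base64").toString("utf8"));
  } catch {
    return reject("config is not JSON");
  }
  if (config === null || typeof config !== "object" || Array.isArray(config)) {
    return reject("config is not an object");
  }
  if (config.transport !== "stdio") {
    return { action: "confirm", name, commandLine: null };
  }
  // stdio means a local command would be launched: validate its shape and surface it.
  const args = config.args === undefined ? [] : config.args;
  if (typeof config.command !== "string" || !Array.isArray(args) ||
      !args.every((a) => typeof a === "string")) {
    return reject("stdio entry has a malformed command or args");
  }
  return { action: "confirm", name, commandLine: [config.command, ...args] };
}

// Constructed sample using the advisory's own example command.
const sampleConfig = { transport: "stdio", command: "python3", args: ["my_script.py"] };
const sampleLink = "dive://install?name=demo&config=" +
  encodeURIComponent(Buffer.from(JSON.stringify(sampleConfig)).toString("base64"));
console.log(reviewDeepLink(sampleLink));
```

The caller is expected to display `commandLine` verbatim in the confirmation dialog and to start the process only after the user approves it.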