CVE-2025-61929
- EPSS 0.1%
- Published 10.10.2025 19:50:14
- Last modified 04.12.2025 17:47:27
Cherry Studio is a desktop client that supports multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly execu...
CVE-2025-54382
- EPSS 0.26%
- Published 13.08.2025 13:31:13
- Last modified 01.12.2025 18:09:10
Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the se...
CVE-2025-54074
- EPSS 1.36%
- Published 13.08.2025 13:27:28
- Last modified 02.12.2025 14:34:21
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can set up...
CVE-2025-54063
- EPSS 0.24%
- Published 11.08.2025 17:59:40
- Last modified 02.12.2025 14:34:01
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious we...