CVE-2025-54074

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-54074
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/CherryHQ/cherry-studio/commit/40f9601379150854826ff3572ef7372fb0acdc38 Patch
https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-8xr5-732g-84px Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cherry-ai:cherry_studio:*:*:*:*:*:*:*:*
History

01 Dec 2025, 18:10

Type Values Removed Values Added
References () https://github.com/CherryHQ/cherry-studio/commit/40f9601379150854826ff3572ef7372fb0acdc38 - () https://github.com/CherryHQ/cherry-studio/commit/40f9601379150854826ff3572ef7372fb0acdc38 - Patch
References () https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-8xr5-732g-84px - () https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-8xr5-732g-84px - Exploit, Vendor Advisory
Summary
  • (es) Cherry Studio es un cliente de escritorio compatible con múltiples proveedores LLM. Desde la versión 1.2.5 hasta la 1.5.1, Cherry Studio es vulnerable a la inyección de comandos del sistema operativo durante la conexión con un servidor MCP malicioso en modo HTTP Streamable. Los atacantes pueden configurar un servidor MCP malicioso con endpoints de servidor de autorización OAuth compatibles y engañar a las víctimas para que se conecten, lo que provoca la inyección de comandos del sistema operativo en clientes vulnerables. Este problema se ha corregido en la versión 1.5.2.
First Time Cherry-ai
Cherry-ai cherry Studio
CPE cpe:2.3:a:cherry-ai:cherry_studio:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

13 Aug 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-13 14:15

Updated : 2025-12-02 14:34

NVD link : CVE-2025-54074

Mitre link : CVE-2025-54074

CVE.ORG link : CVE-2025-54074

JSON object : View

Products Affected

cherry-ai

  • cherry_studio
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')