CVE-2025-54382

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cherry-ai:cherry_studio:*:*:*:*:*:*:*:*

History

01 Dec 2025, 18:09

Type	Values Removed	Values Added
First Time		Cherry-ai Cherry-ai cherry Studio
Summary		(es) Cherry Studio es un cliente de escritorio compatible con múltiples proveedores LLM. En la versión 1.5.1, existe una vulnerabilidad de ejecución remota de código (RCE) en la plataforma Cherry Studio al conectarse a servidores MCP streamableHttp. El problema surge debido a la confianza implícita del servidor en los endpoints de redirección de autenticación OAuth y a la imposibilidad de depurar correctamente la URL. Este problema se ha corregido en la versión 1.5.2.
CPE		cpe:2.3:a:cherry-ai:cherry_studio::::::::
References	~~() https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93 -~~	() https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93 - Exploit, Vendor Advisory

13 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 14:15

Updated : 2025-12-01 18:09

NVD link : CVE-2025-54382

Mitre link : CVE-2025-54382

CVE.ORG link : CVE-2025-54382

JSON object : View

Products Affected

cherry-ai

cherry_studio

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-54382", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-08-13T14:15:32.323", "references": [{"url": "https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server\u2019s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2."}, {"lang": "es", "value": "Cherry Studio es un cliente de escritorio compatible con m\u00faltiples proveedores LLM. En la versi\u00f3n 1.5.1, existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en la plataforma Cherry Studio al conectarse a servidores MCP streamableHttp. El problema surge debido a la confianza impl\u00edcita del servidor en los endpoints de redirecci\u00f3n de autenticaci\u00f3n OAuth y a la imposibilidad de depurar correctamente la URL. Este problema se ha corregido en la versi\u00f3n 1.5.2."}], "lastModified": "2025-12-01T18:09:10.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cherry-ai:cherry_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72A422A0-38BC-44D1-9B3A-4DFDE73D7A74", "versionEndExcluding": "1.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}