Cherry Studio RCE Vulnerability Disclosure_CVE-2025-54382

9.7 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2.

Basic Information

ID CVE-2025-54382

Source GitHub_M

Published Aug 13, 2025 at 13:31

Modified Aug 13, 2025 at 14:10

Affected Product

Vendor CherryHQ

Product cherry-studio

Version = 1.5.1

Affected Versions CherryHQ cherry-studio = 1.5.1

CWE Classification

CWE-78

References

github.com /CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93

{
    "lastseen": "",
    "description": "Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server\u2019s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2.",
    "published": "2025-08-13T13:31:13.532Z",
    "modified": "2025-08-13T14:10:43.740Z",
    "type": "cve",
    "title": "Cherry Studio RCE Vulnerability Disclosure",
    "source": "GitHub_M",
    "references": "https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93",
    "id": "CVE-2025-54382",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "CherryHQ cherry-studio = 1.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.7,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cherry-studio",
    "version": "= 1.5.1",
    "vendor": "CherryHQ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}