CVE-2025-54382

Published: Aug 13, 2025Modified: Dec 1, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2.

Affected (1)

Products: Cherry Ai: Cherry Studio

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cherry Ai Cherry Studio	Before 1.5.2

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (1)

https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93

Source: security-advisories@github.com

ExploitVendor Advisory

Timeline

No history available yet.