VYPR

cherry-studio

by CherryHQ

CVEs (3)

  • CVE-2025-61929 | Critical | Oct 10, 2025
    risk 0.62 | cvss 9.6 | epss 0.00

    Cherry Studio is a desktop client that supports multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In…

  • CVE-2025-54074 | Critical | Aug 13, 2025
    risk 0.00 | cvss 9.8 | epss 0.02

    Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can set up a malicious MCP server with…

  • CVE-2025-54063 | High | Aug 11, 2025
    risk 0.00 | cvss 8.0 | epss 0.01

    Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a…