CVE-2025-54063

Published 11/08/2025 18:15 · Modified 11/08/2025 18:32

Labels: CVE-2025-54063, 2025-08-11, CWE-94, [email protected]

Essential information

Published: 11/08/2025 18:15
Modified: 11/08/2025 18:32
Author:
Creator:
CVSS: 8.0 HIGH (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app’s custom URL handler is triggered, leading to remote code execution on the victim’s machine. This issue has been patched in version 1.5.1.

NVD status

Status: Awaiting Analysis. CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product | CPE
cherry studio / cherry studio | cpe:2.3:a:cherry_studio:cherry_studio:1.4.8-1.5.0:*:*:*:*:*:*:*
cherry studio / cherry studio | cpe:2.3:a:cherry_studio:cherry_studio:1.5.1:*:*:*:*:*:*:*

References