HIGHCVE-2025-54063CVSS 8

CVE-2025-54063: RCE in Cherry Studio Desktop Client

Q: What is CVE-2025-54063 — RCE in Cherry Studio Desktop Client?

CVE-2025-54063 is a Remote Code Execution vulnerability in Cherry Studio versions 1.4.8 to 1.5.0, allowing attackers to execute code via a malicious URL.

Q: Am I affected by CVE-2025-54063 in Cherry Studio Desktop Client?

You are affected if you are using Cherry Studio versions 1.4.8 through 1.5.0. Upgrade to version 1.5.1 to resolve the vulnerability.

Q: How do I fix CVE-2025-54063 in Cherry Studio Desktop Client?

Upgrade Cherry Studio to version 1.5.1 or later. Exercise caution when clicking links from untrusted sources.

Q: Is CVE-2025-54063 being actively exploited?

While no public exploits are currently known, the ease of exploitation suggests a potential for active exploitation.

Q: Where can I find the official Cherry Studio advisory for CVE-2025-54063?

Refer to the Cherry Studio official website or their security advisory page for the latest information and updates regarding CVE-2025-54063.

Platform

windows

Component

cherry-studio

Fixed in

1.4.9

AI Confidence: highNVDEPSS 0.4%Reviewed: May 2026

View on NVD

Save

CVE-2025-54063 describes a Remote Code Execution (RCE) vulnerability discovered in Cherry Studio, a desktop client for LLM providers. This vulnerability allows an attacker to execute arbitrary code on a victim's machine through a specially crafted URL. The issue affects versions 1.4.8 through 1.5.0 and has been resolved in version 1.5.1.

Impact and Attack Scenarios

The impact of this vulnerability is significant, as it allows for complete remote control of the affected system. An attacker can exploit this by hosting a malicious website or embedding a crafted URL on any website. When a victim clicks this link in their browser, Cherry Studio's custom URL handler is triggered, leading to the execution of arbitrary code. This could result in data theft, malware installation, or complete system compromise. The attacker essentially gains the same privileges as the user running the Cherry Studio application.

Exploitation Context

This vulnerability was publicly disclosed on 2025-08-11. No public proof-of-concept (PoC) code has been released at the time of writing, but the ease of exploitation (simply clicking a link) suggests a medium probability of exploitation. It is not currently listed on CISA KEV.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureMedium

EPSS

0.37% (59% percentile)

CISA SSVC

Exploitationpoc

Automatableno

Technical Impacttotal

CVSS Vector

Affected Software

Componentcherry-studio

VendorCherryHQ

Affected rangeFixed in

>= 1.4.8, < 1.5.1 – >= 1.4.8, < 1.5.11.4.9

Weakness Classification (CWE)

CWE-94

Timeline

Reserved2025-07-16
Published2025-08-11
EPSS updated2026-03-23

Mitigation and Workarounds

The primary mitigation for CVE-2025-54063 is to immediately upgrade Cherry Studio to version 1.5.1 or later. If upgrading is not immediately feasible, users should exercise extreme caution when clicking links from untrusted sources. Consider implementing a web proxy or firewall rule to block access to suspicious URLs. While a direct detection signature is challenging, monitor for unusual process execution originating from the Cherry Studio application.

How to fix

Actualice Cherry Studio a la versión 1.5.1 o posterior. Esta versión contiene una corrección para la vulnerabilidad de ejecución remota de código. Descargue la última versión desde el sitio web oficial de CherryHQ o a través del mecanismo de actualización dentro de la aplicación.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-54063 — RCE in Cherry Studio Desktop Client?

CVE-2025-54063 is a Remote Code Execution vulnerability in Cherry Studio versions 1.4.8 to 1.5.0, allowing attackers to execute code via a malicious URL.

Am I affected by CVE-2025-54063 in Cherry Studio Desktop Client?

You are affected if you are using Cherry Studio versions 1.4.8 through 1.5.0. Upgrade to version 1.5.1 to resolve the vulnerability.

How do I fix CVE-2025-54063 in Cherry Studio Desktop Client?

Upgrade Cherry Studio to version 1.5.1 or later. Exercise caution when clicking links from untrusted sources.

Is CVE-2025-54063 being actively exploited?

While no public exploits are currently known, the ease of exploitation suggests a potential for active exploitation.

Where can I find the official Cherry Studio advisory for CVE-2025-54063?

Refer to the Cherry Studio official website or their security advisory page for the latest information and updates regarding CVE-2025-54063.

NextGuard

Vulnerabilities

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free

Search CVEs

What do these metrics mean?

Attack Vector: Adjacent — requires network proximity: same LAN, Bluetooth, or local wireless segment. Not internet-exposed.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
User Interaction: Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability: High — complete crash or resource exhaustion. Full denial of service.