Platform
macos
Component
cherry-studio
Fixed in
1.7.1
CVE-2025-61929 is a critical Remote Code Execution (RCE) vulnerability affecting Cherry Studio versions up to 1.7.0-alpha.4 on macOS. This flaw allows attackers to execute arbitrary commands by crafting malicious cherrystudio:// protocol URLs, potentially leading to complete system compromise. A fix is available in version 1.7.1.
The vulnerability lies in how Cherry Studio handles the cherrystudio:// protocol, specifically when processing MCP (Model Configuration Provider) installation URLs. The application directly executes commands embedded within base64-encoded configuration data received through these URLs, without proper sanitization. An attacker could embed malicious code within a crafted URL, which, when opened by a user, would be executed on their system. This could lead to arbitrary code execution, allowing the attacker to install malware, steal sensitive data, or gain persistent access to the affected machine. The potential impact is severe, as the attacker gains full control over the system.
This vulnerability has been publicly disclosed and assigned a CVSS score of 9.7 (CRITICAL). While no active exploitation campaigns have been publicly confirmed at the time of writing, the ease of exploitation and the potential for widespread impact make it a high-priority concern. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Exploit Status
EPSS
0.07% (21% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade Cherry Studio to version 1.7.1 or later, which addresses this vulnerability. If upgrading is not immediately feasible, consider blocking the cherrystudio:// protocol within your firewall or network security policies. Additionally, educate users to be cautious about opening URLs from untrusted sources, especially those using custom protocols. Monitor network traffic for suspicious cherrystudio:// URLs. After upgrading, confirm the fix by attempting to open a known malicious URL (if available) and verifying that it no longer executes arbitrary code.
No hay una versión parcheada disponible al momento de esta publicación. Se recomienda evitar hacer clic en enlaces `cherrystudio://` de fuentes no confiables. Esté atento a las actualizaciones de Cherry Studio y actualice a la versión más reciente tan pronto como se publique una que corrija esta vulnerabilidad.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-61929 is a critical Remote Code Execution vulnerability in Cherry Studio for macOS, allowing attackers to execute commands via crafted URLs.
You are affected if you are using Cherry Studio versions 1.7.0-alpha.4 or earlier on macOS.
Upgrade Cherry Studio to version 1.7.1 or later to resolve this vulnerability. Consider blocking the cherrystudio:// protocol as a temporary workaround.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the Cherry Studio release notes and security advisories on their official website for the latest information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.