Platform: macos
Component: cherry-studio
Fixed in: 1.7.1
CVE-2025-61929 is a critical Remote Code Execution (RCE) vulnerability affecting Cherry Studio versions up to 1.7.0-alpha.4 on macOS. This flaw allows attackers to execute arbitrary commands by crafting malicious cherrystudio:// protocol URLs, potentially leading to complete system compromise. A fix is available in version 1.7.1.
The vulnerability lies in how Cherry Studio handles the cherrystudio:// protocol, specifically when processing MCP (Model Configuration Provider) installation URLs. The application directly executes commands embedded within base64-encoded configuration data received through these URLs, without proper sanitization. An attacker could embed malicious code within a crafted URL, which, when opened by a user, would be executed on their system. This could lead to arbitrary code execution, allowing the attacker to install malware, steal sensitive data, or gain persistent access to the affected machine. The potential impact is severe, as the attacker gains full control over the system.
This vulnerability has been publicly disclosed and assigned a CVSS score of 9.7 (CRITICAL). While no active exploitation campaigns have been publicly confirmed at the time of writing, the ease of exploitation and the potential for widespread impact make it a high-priority concern. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Users of Cherry Studio on macOS, particularly those who frequently interact with external data sources or open URLs from untrusted sources, are at significant risk. Shared hosting environments where Cherry Studio is installed could also be vulnerable, potentially impacting multiple users.
• macos / application:
ls -l "/Applications/Cherry Studio.app/Contents/MacOS/Cherry Studio" | grep -q 'protocol_handler'
• macos / file integrity:
md5 "/Applications/Cherry Studio.app/Contents/Services/ProtocolClient.service"
• macos / process monitoring:
ps aux | grep -i 'cherrystudio://'
EPSS: 0.07% (21st percentile)
The primary mitigation is to immediately upgrade Cherry Studio to version 1.7.1 or later, which addresses this vulnerability. If upgrading is not immediately feasible, consider blocking the cherrystudio:// protocol within your firewall or network security policies. Additionally, educate users to be cautious about opening URLs from untrusted sources, especially those using custom protocols. Monitor network traffic for suspicious cherrystudio:// URLs. After upgrading, confirm the fix by attempting to open a known malicious URL (if available) and verifying that it no longer executes arbitrary code.
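An added example for the monitoring step above (not Cherry Studio's or the advisory's code): it pulls cherrystudio:// URLs out of text such as mail or proxy logs, base64-decodes each query parameter and reports any decoded configuration that names a command. The URL path, the parameter names and the `command`/`args`/`env` field names are assumptions, since the page does not give the URL layout.

```python
import base64, json, re
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"cherrystudio://[^\s\"'<>]+", re.IGNORECASE)
EXEC_KEYS = {"command", "args", "env"}  # assumed field names, not from the advisory

def decode_config(value):
    """Return parsed JSON if value is base64 (standard or URL-safe) of JSON, else None."""
    value = value.replace(" ", "+")          # parse_qsl turns '+' into a space
    value += "=" * (-len(value) % 4)         # restore stripped padding
    try:
        return json.loads(base64.urlsafe_b64decode(value).decode("utf-8"))
    except ValueError:                       # bad base64, bad UTF-8 or bad JSON
        return None

def exec_fields(node, path=""):
    """Yield (json_path, value) for execution-related keys at any depth."""
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in EXEC_KEYS:
                yield here, val
            else:
                yield from exec_fields(val, here)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from exec_fields(val, f"{path}[{i}]")

def triage(text):
    """Report cherrystudio:// URLs whose parameters decode to config naming a command."""
    findings = []
    for url in URL_RE.findall(text):
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            doc = decode_config(value)
            fields = dict(exec_fields(doc)) if doc is not None else {}
            if fields:
                findings.append({"url": url, "param": name, "fields": fields})
    return findings

def constructed_sample():
    """Constructed input: hypothetical URL path and parameter, harmless command."""
    cfg = {"name": "demo", "command": "/usr/bin/true", "args": ["--constructed"]}
    blob = base64.urlsafe_b64encode(json.dumps(cfg).encode()).decode()
    return ("10:01 opened cherrystudio://example/path?data=" + blob + "\n"
            "10:02 opened cherrystudio://example/path?theme=dark\n")

if __name__ == "__main__":
    for hit in triage(constructed_sample()):
        print(hit["param"], hit["fields"])
```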
There is currently no patched version available at the time of publication. It is recommended to avoid clicking `cherrystudio://` links from untrusted sources. Keep an eye on Cherry Studio updates and upgrade to the latest version as soon as a release that fixes this vulnerability is published.
CVE-2025-61929 is a critical Remote Code Execution vulnerability in Cherry Studio for macOS, allowing attackers to execute commands via crafted URLs.
You are affected if you are using Cherry Studio versions 1.7.0-alpha.4 or earlier on macOS.
Upgrade Cherry Studio to version 1.7.1 or later to resolve this vulnerability. Consider blocking the cherrystudio:// protocol as a temporary workaround.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the Cherry Studio release notes and security advisories on their official website for the latest information.