What is CVE-2025-61929 — RCE in Cherry Studio?

CVE-2025-61929 is a critical Remote Code Execution vulnerability in Cherry Studio for macOS, allowing attackers to execute commands via crafted URLs.

Am I affected by CVE-2025-61929 in Cherry Studio?

You are affected if you are using Cherry Studio versions 1.7.0-alpha.4 or earlier on macOS.

How do I fix CVE-2025-61929 in Cherry Studio?

Upgrade Cherry Studio to version 1.7.1 or later to resolve this vulnerability. Consider blocking the `cherrystudio://` protocol as a temporary workaround.

Is CVE-2025-61929 being actively exploited?

While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.

Where can I find the official Cherry Studio advisory for CVE-2025-61929?

Refer to the Cherry Studio release notes and security advisories on their official website for the latest information.

CVE-2025-61929 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-61929 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• macos / application:

ls -l /Applications/Cherry Studio.app/Contents/MacOS/Cherry Studio | grep -q 'protocol_handler'

• macos / file integrity:

md5 /Applications/Cherry Studio.app/Contents/Services/ProtocolClient.service

• macos / process monitoring:

ps aux | grep -i 'cherrystudio://'

Cherry Studio permite que um único clique em uma URL específica cause a execução de um comando

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-61929 — RCE in Cherry Studio?

Am I affected by CVE-2025-61929 in Cherry Studio?

How do I fix CVE-2025-61929 in Cherry Studio?

Is CVE-2025-61929 being actively exploited?

Where can I find the official Cherry Studio advisory for CVE-2025-61929?

Seu projeto está afetado?