1.7.1
CVE-2025-61929 is a critical Remote Code Execution (RCE) vulnerability affecting Cherry Studio versions up to 1.7.0-alpha.4 on macOS. This flaw allows attackers to execute arbitrary commands by crafting malicious cherrystudio:// protocol URLs, potentially leading to complete system compromise. A fix is available in version 1.7.1.
The vulnerability lies in how Cherry Studio handles the cherrystudio:// protocol, specifically when processing MCP (Model Configuration Provider) installation URLs. The application directly executes commands embedded within base64-encoded configuration data received through these URLs, without proper sanitization. An attacker could embed malicious code within a crafted URL, which, when opened by a user, would be executed on their system. This could lead to arbitrary code execution, allowing the attacker to install malware, steal sensitive data, or gain persistent access to the affected machine. The potential impact is severe, as the attacker gains full control over the system.
This vulnerability has been publicly disclosed and assigned a CVSS score of 9.7 (CRITICAL). While no active exploitation campaigns have been publicly confirmed at the time of writing, the ease of exploitation and the potential for widespread impact make it a high-priority concern. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Users of Cherry Studio on macOS, particularly those who frequently interact with external data sources or open URLs from untrusted sources, are at significant risk. Shared hosting environments where Cherry Studio is installed could also be vulnerable, potentially impacting multiple users.
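The two checks a defender wants from the description above are "is my installed build in the affected range?" and "does this cherrystudio:// link carry an embedded MCP config that would launch a command?". The following Python is an added example written for this page, not Cherry Studio project code. It assumes, for illustration only, that the installer URL carries its base64-encoded JSON config in a query parameter (the real parameter name and layout are not given on the page) and that the config uses the common MCP `command`/`args` shape; the version rule treats everything below the 1.7.1 fix as affected, which is the conservative reading of the advisory.

```python
"""Triage helpers for CVE-2025-61929 (Cherry Studio cherrystudio:// handler).

Added example, not Cherry Studio project code. The URL layout handled below
(a query value holding base64 JSON with MCP "command"/"args" fields) is an
assumption made for illustration; adapt it if the real format differs.
"""
import base64
import binascii
import json
import re
from urllib.parse import unquote, urlparse

FIXED_VERSION = (1, 7, 1)          # fix ships in 1.7.1 per the advisory
SHELL_META = re.compile(r"[;&|`$<>]")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "node", "perl", "ruby"}


def parse_version(version: str):
    """Return (major, minor, patch, has_prerelease) for strings like '1.7.0-alpha.4'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def is_affected_version(version: str) -> bool:
    """Conservative rule: any build below 1.7.1, and any 1.7.1 pre-release, is affected."""
    major, minor, patch, prerelease = parse_version(version)
    core = (major, minor, patch)
    return core < FIXED_VERSION or (core == FIXED_VERSION and prerelease)


def _decode_base64_json(value: str):
    """Try standard and URL-safe base64 (with and without padding); return parsed JSON or None."""
    raw = unquote(value)  # unquote, not unquote_plus: '+' is base64 data, not a space
    for candidate in (raw, raw + "=" * (-len(raw) % 4)):
        for decoder in (base64.b64decode, base64.urlsafe_b64decode):
            try:
                return json.loads(decoder(candidate).decode("utf-8"))
            except (binascii.Error, ValueError, UnicodeDecodeError):
                continue
    return None


def find_command_specs(obj, path=""):
    """Walk a decoded config and collect every (json_path, command, args) it would launch."""
    found = []
    if isinstance(obj, dict):
        if "command" in obj:
            args = obj.get("args", [])
            args = [str(a) for a in args] if isinstance(args, list) else [str(args)]
            found.append((path or "$", str(obj["command"]), args))
        for key, val in obj.items():
            found.extend(find_command_specs(val, f"{path}.{key}" if path else key))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            found.extend(find_command_specs(val, f"{path}[{i}]"))
    return found


def inspect_cherrystudio_url(url: str) -> dict:
    """Triage a link before it is opened: decode embedded config and report launched commands."""
    parsed = urlparse(url)
    report = {"scheme": parsed.scheme, "commands": [], "verdict": "not-a-cherrystudio-url"}
    if parsed.scheme.lower() != "cherrystudio":
        return report
    report["verdict"] = "no-embedded-config"
    for pair in parsed.query.split("&"):          # manual split keeps '+' intact
        _, _, value = pair.partition("=")
        config = _decode_base64_json(value) if value else None
        if config is not None:
            report["commands"].extend(find_command_specs(config))
    if report["commands"]:
        report["verdict"] = "executes-commands"
        for _, cmd, args in report["commands"]:
            basename = cmd.rsplit("/", 1)[-1]
            if basename in INTERPRETERS or SHELL_META.search(" ".join([cmd, *args])):
                report["verdict"] = "suspicious"
                break
    return report


def make_install_url(config: dict) -> str:
    """Build a sample link in the assumed layout (constructed for this example)."""
    blob = base64.b64encode(json.dumps(config).encode("utf-8")).decode("ascii")
    return f"cherrystudio://mcp/install?servers={blob}"


# Constructed sample inputs: an ordinary MCP server entry and one that launches a shell.
BENIGN_URL = make_install_url(
    {"mcpServers": {"fs": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]}}}
)
SHELL_URL = make_install_url({"mcpServers": {"x": {"command": "bash", "args": ["-c", "echo hello"]}}})

if __name__ == "__main__":
    for v in ("1.7.0-alpha.4", "1.7.1"):
        print(v, "affected" if is_affected_version(v) else "fixed")
    for u in (BENIGN_URL, SHELL_URL):
        print(inspect_cherrystudio_url(u)["verdict"])
```

The verdict `executes-commands` is itself the finding: the page's point is that any command named in the embedded config runs without sanitisation on an affected build, so even a benign-looking entry should be treated as untrusted until the install is reviewed. The `suspicious` verdict only adds a fast flag for interpreters and shell metacharacters; it is a triage aid, not a substitute for the 1.7.1 upgrade.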
• macos / application:
ls -l "/Applications/Cherry Studio.app/Contents/MacOS/Cherry Studio" | grep -q 'protocol_handler'
• macos / file integrity:
md5 "/Applications/Cherry Studio.app/Contents/Services/ProtocolClient.service"
• macos / process monitoring:
ps aux | grep -i 'cherrystudio://'
Public Disclosure
Exploitation status
EPSS
0.07% (21st percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade Cherry Studio to version 1.7.1 or later, which addresses this vulnerability. If upgrading is not immediately feasible, consider blocking the cherrystudio:// protocol within your firewall or network security policies. Additionally, educate users to be cautious about opening URLs from untrusted sources, especially those using custom protocols. Monitor network traffic for suspicious cherrystudio:// URLs. After upgrading, confirm the fix by attempting to open a known malicious URL (if available) and verifying that it no longer executes arbitrary code.
No patched version is currently available. Avoid clicking `cherrystudio://` links from untrusted sources. Watch for Cherry Studio updates and upgrade to the latest version as soon as a release that fixes this vulnerability is published.
CVE-2025-61929 is a critical Remote Code Execution vulnerability in Cherry Studio for macOS, allowing attackers to execute commands via crafted URLs.
You are affected if you are using Cherry Studio versions 1.7.0-alpha.4 or earlier on macOS.
Upgrade Cherry Studio to version 1.7.1 or later to resolve this vulnerability. Consider blocking the cherrystudio:// protocol as a temporary workaround.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the Cherry Studio release notes and security advisories on their official website for the latest information.