1. Home
  2. Vulnerabilities
  3. CVE-2025-61929
9.6
CRITICAL CVSS 3.1
CVE-2025-61929
Cherry Studio allows one-click on a specific URL to cause a command to execute
Description

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files `src/main/services/ProtocolClient.ts` and `src/main/services/urlschema/mcp-install.ts`, when receiving a URL of the `cherrystudio://mcp` type, the `handleMcpProtocolUrl` function is called for processing. If an attacker crafts malicious content and posts it on a website or elsewhere (there are many exploitation methods, such as creating a malicious website with a button containing this malicious content), when the user clicks it, since the pop-up window contains normal content, the direct click is considered a scene action, and the malicious command is directly triggered, leading to the user being compromised. As of time of publication, no known patched versions exist.

INFO

Published Date :

Oct. 10, 2025, 8:15 p.m.

Last Modified :

Oct. 10, 2025, 8:15 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-61929 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
Solution
Avoid directly executing commands from untrusted URLs.
  • Sanitize all user-provided input for URLs.
  • Validate and restrict allowed commands.
  • Avoid parsing and executing external data directly.
  • Update the application when a patch is available.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-61929.

URL Resource
https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-hh6w-rmjc-26f6
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-61929 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-61929 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-61929 vulnerability anywhere in the article.

  • Daily CyberSecurity
Pro-Russian Hacktivist Group TwoNet Exposed for Fabricating Critical Infrastructure Attacks to Boost Reputation

Forescout Research has uncovered a disturbing new tactic among pro-Russian hacktivists — fabricating real-world critical infrastructure attacks to inflate their reputation. In a recent case, a newly f ... Read more

Published Date: Oct 13, 2025 (3 hours, 35 minutes ago)
  • Daily CyberSecurity
Critical Cherry Studio Flaw CVE-2025-61929 (CVSS 9.7) Allows One-Click RCE via Custom URL Protocol

A critical security flaw has been discovered in Cherry Studio, a cross-platform desktop client that supports multiple large language model (LLM) providers. Tracked as CVE-2025-61929 and rated CVSS 9.7 ... Read more

Published Date: Oct 13, 2025 (3 hours, 37 minutes ago)
  • Daily CyberSecurity
Axis Communications Leaks Azure Credentials in Autodesk Plugin Via Hardcoded SAS Tokens

Trend Micro’s Threat Research team has uncovered a serious cloud credential exposure involving Axis Communications, a leading provider of network surveillance and security devices. The issue originate ... Read more

Published Date: Oct 13, 2025 (3 hours, 50 minutes ago)
  • Daily CyberSecurity
Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US

GreyNoise Intelligence has issued an alert about a massive coordinated botnet operation targeting Remote Desktop Protocol (RDP) services across the United States. Since October 8, 2025, researchers ha ... Read more

Published Date: Oct 13, 2025 (3 hours, 59 minutes ago)
  • Daily CyberSecurity
Akira Ransomware Revives SonicWall Flaw CVE-2024-40766, Uses ‘UnPAC the Hash’ to Breach Networks

Image: Fortinet Between July and August 2025, global security teams have observed a resurgence in Akira ransomware incidents targeting organizations through SonicWall SSL VPN appliances, marking a ren ... Read more

Published Date: Oct 13, 2025 (4 hours, 7 minutes ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-61929 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Oct. 10, 2025

    Action Type Old Value New Value
    Added Description Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files `src/main/services/ProtocolClient.ts` and `src/main/services/urlschema/mcp-install.ts`, when receiving a URL of the `cherrystudio://mcp` type, the `handleMcpProtocolUrl` function is called for processing. If an attacker crafts malicious content and posts it on a website or elsewhere (there are many exploitation methods, such as creating a malicious website with a button containing this malicious content), when the user clicks it, since the pop-up window contains normal content, the direct click is considered a scene action, and the malicious command is directly triggered, leading to the user being compromised. As of time of publication, no known patched versions exist.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
    Added CWE CWE-94
    Added Reference https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-hh6w-rmjc-26f6
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.6
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact