A critical remote code execution (RCE) vulnerability, identified as CVE-2025-54382, has been discovered in the Cherry Studio desktop client. An attacker could exploit this flaw by manipulating the data stream when the client connects to a Large Language Model (LLM) provider, allowing them to take complete control of the affected user's computer. This could lead to data theft, system compromise, and further attacks on the network.

The vulnerability allows for remote code execution due to improper handling of data received from a connected LLM stream. An attacker can exploit this by either setting up a malicious LLM endpoint and tricking a user into connecting to it, or by performing a Man-in-the-Middle (MitM) attack to intercept and modify the data stream from a legitimate provider. By injecting specially crafted malicious data into the stream, the attacker can trigger a flaw in the Cherry Studio client, leading to the execution of arbitrary code on the user's system with the same privileges as the application.

This vulnerability is rated as critical severity with a CVSS score of 9.6, indicating a high risk to the organization. Successful exploitation would grant an attacker full control over the compromised workstation, leading to a complete loss of confidentiality, integrity, and availability. Potential consequences include theft of sensitive corporate data, intellectual property, user credentials, and financial information. Furthermore, a compromised machine could be used as a pivot point for lateral movement within the corporate network, deployment of ransomware, or inclusion in a botnet for launching further attacks.

Immediate Action: Immediately identify all systems running the vulnerable software and update Cherry Studio to the latest patched version as recommended by the vendor. After patching, review application and network access logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring for systems running Cherry Studio. Security teams should look for unusual outbound network connections to unknown or suspicious IP addresses, unexpected child processes spawned by the Cherry Studio application, and anomalies in application logs related to data stream processing errors. Monitor DNS queries for requests to non-standard LLM provider domains.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to mitigate risk. Use host-based firewalls or network egress filtering to restrict Cherry Studio's outbound connections to only known, trusted LLM provider endpoints. Employ application control or whitelisting solutions to prevent the execution of unauthorized code or processes on the host system. If possible within the application's settings, disable the streaming feature until a patch can be applied.

Public Exploit Available: False

Given the critical CVSS score of 9.6, this vulnerability poses a severe and immediate threat to the organization. We strongly recommend that all instances of the affected Cherry Studio software be patched immediately, without delay. The potential for a complete system compromise necessitates that this vulnerability be treated as a top priority for remediation. If patching cannot be performed immediately, the compensating controls listed above should be implemented as a temporary measure while a patching schedule is expedited.