CVE-2025-61929
Cherry Studio · Cherry Studio
Cherry Studio incorrectly parses MCP installation URLs via the `cherrystudio://` custom protocol, leading to potential security risks.
Executive summary
A critical security flaw in the Cherry Studio desktop client’s custom protocol handler could allow an attacker to trigger malicious actions through crafted installation URLs.
Vulnerability
The desktop client registers a custom `cherrystudio://` protocol that improperly handles MCP installation URLs. This flaw allows an unauthenticated attacker to manipulate the URL parsing logic, potentially leading to unauthorized system actions.
Business impact
The CVSS score of 9.6 indicates an extremely high severity level. Successful exploitation could lead to unauthorized code execution or system manipulation on the host machine running the desktop client, potentially exposing sensitive LLM provider credentials or local data.
Remediation
Immediate Action: Update the Cherry Studio desktop client to the latest version as soon as the vendor releases a patch.
Proactive Monitoring: Monitor host-level process creation logs for suspicious activity originating from the Cherry Studio application.
Compensating Controls: Restrict the use of custom protocol handlers through endpoint management policies if the application is not immediately required for business operations.
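One way to act on the monitoring recommendation above, as an added example that is not part of the advisory or of Cherry Studio's own code: it runs over constructed process-creation events and flags (a) the client being launched with a `cherrystudio://` argument and (b) a shell or script host spawned directly by the client. The binary name and the list of suspicious child images are assumptions to tune per environment.

```python
import os
import re

# Matches a cherrystudio:// URL anywhere in a command line (scheme taken from the advisory).
PROTOCOL_URL = re.compile(r"cherrystudio://\S+", re.IGNORECASE)

# Child images a chat client has no routine reason to spawn. Assumed list; tune per fleet.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "mshta.exe", "sh", "bash", "zsh"}

# Constructed sample events, not real telemetry. Fields mirror a typical process-creation log.
SAMPLE_EVENTS = [
    {"pid": 1200, "ppid": 800, "image": "C:/Windows/explorer.exe",
     "cmdline": "explorer.exe"},
    # Protocol launch: the browser hands a cherrystudio:// URL to the client.
    {"pid": 4100, "ppid": 1200,
     "image": "C:/Users/alice/AppData/Local/Programs/Cherry Studio/Cherry Studio.exe",
     "cmdline": '"Cherry Studio.exe" "cherrystudio://mcp/install?example=1"'},
    # Benign child: the client spawning its own renderer process.
    {"pid": 4120, "ppid": 4100,
     "image": "C:/Users/alice/AppData/Local/Programs/Cherry Studio/Cherry Studio.exe",
     "cmdline": '"Cherry Studio.exe" --type=renderer'},
    # Child worth reviewing: a shell spawned directly by the client.
    {"pid": 4130, "ppid": 4100, "image": "C:/Windows/System32/cmd.exe",
     "cmdline": "cmd.exe /c echo hello"},
]

def _basename(image: str) -> str:
    return os.path.basename(image.replace("\\", "/")).lower()

def is_cherry_studio(image: str) -> bool:
    # Assumed binary name; adjust to what is actually installed.
    return _basename(image).startswith("cherry studio")

def protocol_url(cmdline: str):
    """Return the cherrystudio:// URL in a command line, or None."""
    m = PROTOCOL_URL.search(cmdline)
    return m.group(0).strip("\"'") if m else None

def find_alerts(events):
    """Return (kind, pid, detail) tuples for events a defender should review."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if is_cherry_studio(e["image"]):
            url = protocol_url(e["cmdline"])
            if url:
                alerts.append(("protocol_launch", e["pid"], url))
        parent = by_pid.get(e["ppid"])
        if parent and is_cherry_studio(parent["image"]) \
                and _basename(e["image"]) in SUSPICIOUS_CHILDREN:
            alerts.append(("suspicious_child", e["pid"], _basename(e["image"])))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

A protocol launch on its own is expected whenever a user clicks an install link; the pairing of a launch with an unexpected child process is what merits triage.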
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
Given the high CVSS score, this vulnerability poses a significant risk to client-side environments. Users should monitor for and apply the latest security updates provided by Cherry Studio to prevent unauthorized exploitation of the protocol handler.