CVE-2025-54074 HIGH

CVE-2025-54074: Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server

Vendor Cherryhq

Product cherry-studio

Weakness CWE-78

Published August 13, 2025

Last update August 13, 2025

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2.

Key dates

02Disclosure timeline

August 13, 2025 CVE published

August 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-54074

Related vulnerabilities

CVE-2025-54074: Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server

01Description

02Disclosure timeline

03References

04Related CVE