Cherry-ai Cherry_studio
4 CVEs affecting Cherry-ai Cherry_studio. Latest disclosed: 2025-10-10. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54074 | Critical | 9.8 | 2025-08-13 | Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection d… |
CVE-2025-61929 | Critical | 9.6 | 2025-10-10 | Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling t… |
CVE-2025-54382 | Critical | 9.6 | 2025-08-13 | Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry… |
CVE-2025-54063 | High | 8.0 | 2025-08-11 | Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerabil… |