PT-2025-41600 · Unknown · Cherry-Studio

H3Rrr · Published 2025-10-10 · Updated 2025-12-04 · CVE-2025-61929

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.7.0-alpha.4 and earlier

Description: Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, cherrystudio://, and when handling MCP installation URLs, it parses base64-encoded configuration data and directly executes the command within it. Specifically, the handleMcpProtocolUrl function in src/main/services/ProtocolClient.ts and src/main/services/urlschema/mcp-install.ts processes URLs of the cherrystudio://mcp type. An attacker can craft malicious content and, through methods such as a malicious website, trigger the execution of arbitrary commands when a user clicks a link containing this content. The pop-up window may appear normal, leading the user to believe the click is a standard action, while the malicious command is executed in the background.

Recommendations: Disable the cherrystudio:// protocol handler. Train users to be cautious when clicking links, especially those from untrusted sources. Restrict access to the vulnerable files src/main/services/ProtocolClient.ts and src/main/services/urlschema/mcp-install.ts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · RCE · Code Injection

Related Identifiers

CVE-2025-61929
GHSA-HH6W-RMJC-26F6

Affected Products

Cherry-Studio