CVE-2025-14204

Name of the Vulnerable Software and Affected Versions TykoDev cherry-studio-TykoFork version 0.1

Description A flaw exists in the OAuth Server Discovery component of the software, specifically within the redirectToAuthorization function located in the file /.well-known/oauth-authorization-server. Manipulation of the authorizationUrl argument can lead to operating system command injection. This issue is remotely exploitable, and details of the exploit have been publicly disclosed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.