CVE-2025-54063
Published: 11 August 2025
Summary
CVE-2025-54063 is a high-severity Code Injection (CWE-94) vulnerability in Cherry-Ai Cherry Studio. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It is ranked in the top 31.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- SI-10 (Information Input Validation): directly requires validation of untrusted inputs, such as an attacker-supplied custom URL, before Cherry Studio's URL handler acts on them; this is the root fix for the code injection.
- SI-2 (Flaw Remediation): mandates timely patching of the RCE flaw in Cherry Studio versions 1.4.8 to 1.5.0 by upgrading to 1.5.1.
- SI-16 (Memory Protection): provides memory protections such as DEP and ASLR against unauthorized code execution. Caveat: these defend against memory-corruption exploitation; a code injection that runs through the application's own legitimate execution path is not stopped by them, so this control is supplementary here rather than a mitigation of the flaw itself.
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
The vulnerability in Cherry Studio's custom URL handler allows remote code execution upon clicking a malicious link, directly enabling Exploitation for Client Execution (T1203).
NVD Description
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app's custom URL handler is triggered, leading to remote code execution on the victim's machine. This issue has been patched in version 1.5.1.
Deeper analysis [AI-generated]
Cherry Studio, a desktop client supporting multiple large language model (LLM) providers, contains a one-click remote code execution vulnerability (CWE-94) in its custom URL handling mechanism, affecting versions 1.4.8 through 1.5.0. The flaw allows arbitrary code execution when the application's registered URL handler processes malicious input. It is tracked as CVE-2025-54063 with a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
An attacker exploits this by hosting a malicious website or embedding a specially crafted URL on any website. A victim who has Cherry Studio installed and clicks the link in a browser triggers the app's custom URL handler, resulting in code execution on the victim's machine with the privileges of the application. No privileges are required of the attacker; the only user interaction is the click. Note that the published vector rates Attack Vector as Adjacent (AV:A), which is in tension with the described attack path: the attacker needs no network position beyond serving or embedding a link the victim clicks. Scope practical exposure as that of a link-click attack rather than relying on the adjacent-network rating.
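The page does not say what Cherry Studio's handler did with the clicked URL, so the following Node.js snippet is an added illustration of the flaw class and of the SI-10 fix, not code from the project or the advisory. It puts a custom-scheme handler that evaluates a link parameter (the CWE-94 pattern) beside one that validates scheme, action and every parameter against an allowlist before doing anything. The scheme cherry-demo:, the actions open-chat and set-theme, and the parameter names are assumptions for the example.

```javascript
// Added illustration for this page, not Cherry Studio's code. The scheme
// "cherry-demo:", the actions and the parameter names are hypothetical.
// A desktop app receives a clicked custom-scheme URL from the OS as a plain
// string; everything in it was chosen by whoever wrote the link.

// --- Vulnerable pattern (CWE-94) -------------------------------------------
// The handler pulls a parameter out of the URL and evaluates it in-process.
// A link on any web page therefore runs attacker-chosen code with the
// privileges of the desktop app.
function handleDeepLinkVulnerable(rawUrl) {
  const url = new URL(rawUrl);
  const expr = url.searchParams.get('expr');
  // Attacker-controlled text becomes code (stand-in for eval, a shell
  // command, or any other interpreter fed from the URL).
  return new Function(`return (${expr});`)();
}

// --- Hardened pattern (SI-10 style input validation) ----------------------
const SCHEME = 'cherry-demo:';
// Every action the app is willing to perform from a link, and the exact
// shape each parameter must have. Anything else is refused outright.
const PARAM_RULES = {
  'open-chat': { id: /^[0-9a-f]{8,32}$/i },
  'set-theme': { name: /^(light|dark|system)$/ },
};
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function handleDeepLinkHardened(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== SCHEME) return { ok: false, reason: 'wrong scheme' };
  // For a non-special scheme the WHATWG parser puts "<scheme>://<action>" in hostname.
  const action = url.hostname;
  if (!hasOwn(PARAM_RULES, action)) return { ok: false, reason: 'unknown action' };
  const rules = PARAM_RULES[action];
  const params = {};
  for (const [key, value] of url.searchParams) {
    // hasOwn also stops prototype keys such as __proto__ from matching a rule.
    if (!hasOwn(rules, key) || !rules[key].test(value)) {
      return { ok: false, reason: `rejected parameter ${key}` };
    }
    params[key] = value;
  }
  for (const key of Object.keys(rules)) {
    if (!hasOwn(params, key)) return { ok: false, reason: `missing parameter ${key}` };
  }
  // The validated values are data for a fixed action; they are never
  // evaluated, templated into a command line, or used to select a code
  // path outside PARAM_RULES.
  return { ok: true, action, params };
}
```

The validation has to sit at every point where the OS hands the app a URL (in Electron, for instance, the macOS open-url event and the argv delivered through second-instance on Windows and Linux both carry the same untrusted string), and it has to happen before the string is logged, displayed, or routed, since any step that interprets it first is the injection point.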
The issue has been addressed in Cherry Studio version 1.5.1. Official mitigation details are available in the project's GitHub security advisory (GHSA-p6vw-w3p8-4g72), along with the patching commit (ff72c007c03ff47de21a4d0bf52a1ff1fb35cd89) and pull request (#8218), recommending immediate upgrades for affected users.
Details
- CWE(s): CWE-94 (Code Injection)
- Affected Products: Cherry Studio versions 1.4.8 through 1.5.0 (patched in 1.5.1)
AI Security Analysis [AI-generated]
- AI Category: Enterprise AI Assistants
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Cherry Studio is a desktop client supporting multiple LLM providers, functioning as an enterprise-level AI assistant interface for interacting with LLMs.