CVE-2025-54063

Severity: High · Public PoC

Published: 11 August 2025
Modified: 02 December 2025
KEV Added: not listed
Patch: available (fixed in version 1.5.1)
CVSS v3.1 score: 8.0 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0147 (81.3rd percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-54063 is a high-severity Code Injection (CWE-94) vulnerability in Cherry-Ai Cherry Studio. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 18.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Cherry Studio, a desktop client supporting multiple LLM providers, contains a remote code execution vulnerability in versions 1.4.8 through 1.5.0. The flaw stems from improper handling of custom URLs (CWE-94), which allows arbitrary code execution when a specially crafted link is processed by the application.

An attacker can exploit the issue by hosting a malicious website or embedding a crafted URL on any page. When a victim clicks the link in a browser, the app's custom URL handler is invoked, resulting in remote code execution on the victim's machine with high impact on confidentiality, integrity, and availability (CVSS 8.0).

The vulnerability has been addressed in version 1.5.1. The project security advisory, associated pull request, and commit on GitHub document the fix and recommend that users upgrade promptly.

EPSS for the CVE has remained flat at a low value of 0.0147, with no observed rise after disclosure.

Vulnerability details

Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app's custom URL handler is triggered, leading to remote code execution on the victim's machine. This issue has been patched in version 1.5.1.

CWE(s): CWE-94 (Code Injection)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keyword "llm"

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability in Cherry Studio's custom URL handler allows remote code execution upon clicking a malicious link, directly enabling Exploitation for Client Execution (T1203).

CVEs Like This One

CVE-2025-54382: same product (Cherry-Ai Cherry Studio)
CVE-2025-54074: same product (Cherry-Ai Cherry Studio)
CVE-2025-55733: shared CWE-94
CVE-2026-0500: shared CWE-94
CVE-2025-27678: shared CWE-94
CVE-2025-67744: shared CWE-94
CVE-2024-56448: shared CWE-94
CVE-2026-21853: shared CWE-94
CVE-2025-61593: shared CWE-94
CVE-2024-57061: shared CWE-94

Affected Assets

Vendor: cherry-ai
Product: cherry studio
Versions: 1.4.8 — 1.5.1

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): directly requires validation of untrusted inputs such as malicious custom URLs to block code injection in Cherry Studio's URL handler.

Prevent (SI-2, Flaw Remediation): mandates timely patching of the specific RCE flaw in Cherry Studio versions 1.4.8 to 1.5.0 via upgrade to 1.5.1.

Prevent: provides memory protections like DEP and ASLR to mitigate unauthorized code execution even if the URL handler processes malicious input.