CVE-2025-54063
Published: 11 August 2025
Summary
CVE-2025-54063 is a high-severity Code Injection (CWE-94) vulnerability in Cherry-Ai Cherry Studio. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Cherry Studio, a desktop client supporting multiple LLM providers, contains a remote code execution vulnerability in versions 1.4.8 through 1.5.0. The flaw stems from improper handling of custom URLs (CWE-94), which allows arbitrary code execution when a specially crafted link is processed by the application.
An attacker can exploit the issue by hosting a malicious website or embedding a crafted URL on any page. When a victim clicks the link in a browser, the app's custom URL handler is invoked, resulting in remote code execution on the victim's machine with high impact to confidentiality, integrity, and availability (CVSS 8.0).
The vulnerability has been addressed in version 1.5.1. The project security advisory, associated pull request, and commit on GitHub document the fix and recommend that users upgrade promptly.
EPSS for the CVE remains flat at a low value of 0.0147 with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24161
Vulnerability details
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app's custom URL handler is triggered, leading to remote code execution on the victim's machine. This issue has been patched in version 1.5.1.
- CWE(s): CWE-94 (Code Injection)
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: llm
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploitation for Client Execution (T1203)
Why these techniques?
The vulnerability in Cherry Studio's custom URL handler allows remote code execution upon clicking a malicious link, directly enabling Exploitation for Client Execution (T1203).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of untrusted inputs such as malicious custom URLs to block code injection in Cherry Studio's URL handler.
- SI-2 (Flaw Remediation): Mandates timely patching of the specific RCE flaw in Cherry Studio versions 1.4.8 to 1.5.0 via upgrade to 1.5.1.
- SI-16 (Memory Protection): Provides memory protections like DEP and ASLR to mitigate unauthorized code execution even if the URL handler processes malicious input.
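Added example (not Cherry Studio's code, nor taken from the advisory or the fix) of the SI-10 control applied to a desktop client's custom URL handler, the weak point described in the analysis above: the link is parsed as untrusted input and mapped onto an allowlist of routes and parameter patterns, so no string taken from the URL ever reaches a shell, eval, or file path. The `cherrystudio:` scheme, the route names, and the parameter patterns are assumptions, not the application's real ones.

```javascript
// Added example, not Cherry Studio's code. A deep-link handler that treats the
// custom URL as untrusted input (NIST SI-10) and maps it onto a fixed set of
// actions. The scheme "cherrystudio" and the routes below are assumptions.
const SCHEME = "cherrystudio:";

// Route allowlist: each route names the query parameters it accepts and the
// exact pattern every value must match. Anything outside this is rejected.
const ROUTES = {
  "open-conversation": {
    id: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i,
  },
  "set-provider": { name: /^[a-z0-9-]{1,32}$/ },
};

// Returns { route, params } for a link that passes every check, else null.
function parseDeepLink(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try { url = new URL(raw); } catch { return null; }      // must parse as a URL
  if (url.protocol !== SCHEME) return null;               // exact scheme only
  if (url.username || url.password || url.port) return null;
  const route = url.hostname;                             // cherrystudio://<route>?...
  const spec = ROUTES[route];
  if (!spec) return null;                                 // unknown route
  if (url.pathname !== "" && url.pathname !== "/") return null;
  if (url.hash) return null;
  const params = {};
  for (const [key, value] of url.searchParams) {
    if (!(key in spec)) return null;                      // unexpected parameter
    if (key in params) return null;                       // duplicate parameter
    if (!spec[key].test(value)) return null;              // value outside pattern
    params[key] = value;
  }
  for (const key of Object.keys(spec)) {
    if (!(key in params)) return null;                    // required parameter missing
  }
  return { route, params };
}

// Dispatch on the validated route only; `actions` is a table of functions
// keyed by route name, supplied by the application (constructed in the test).
function handleDeepLink(raw, actions) {
  const link = parseDeepLink(raw);
  if (!link) return { handled: false, reason: "rejected" };
  actions[link.route](link.params);
  return { handled: true, route: link.route };
}
```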