CVE-2025-54074
📋 TL;DR
Cherry Studio desktop client versions 1.2.5 to 1.5.1 are vulnerable to OS command injection when connecting to malicious MCP servers in HTTP Streamable mode. Attackers can trick users into connecting to specially crafted servers, allowing arbitrary command execution on the victim's system. This affects all users running vulnerable versions of Cherry Studio.
💻 Affected Systems
- Cherry Studio
📦 What is this software?
Cherry Studio by Cherry Ai
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the victim's machine, data theft, ransomware deployment, or lateral movement within networks.
Likely Case
Local privilege escalation, data exfiltration, or installation of persistent malware on individual user workstations.
If Mitigated
Limited impact if network segmentation prevents connections to untrusted MCP servers and users only connect to known, trusted servers.
🎯 Exploit Status
Exploitation requires user to connect to malicious server, but technical complexity is low once server is established.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.2
Vendor Advisory: https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-8xr5-732g-84px
Restart Required: Yes
Instructions:
1. Download Cherry Studio version 1.5.2 or later from official sources. 2. Install the update. 3. Restart Cherry Studio. 4. Verify version shows 1.5.2 or higher.
🔧 Temporary Workarounds
Disable HTTP Streamable Mode
allPrevent connections to MCP servers using HTTP Streamable mode where possible.
Restrict MCP Server Connections
allConfigure firewall rules to only allow connections to trusted MCP servers.
🧯 If You Can't Patch
- Implement network segmentation to restrict connections to untrusted MCP servers
- Educate users to only connect to known, trusted MCP servers and avoid unknown sources
🔍 How to Verify
Check if Vulnerable:
Check Cherry Studio version in application settings or About dialog. If version is between 1.2.5 and 1.5.1 inclusive, system is vulnerable.Check Version:
Check application settings or run 'cherry-studio --version' if available via command line.Verify Fix Applied:
Verify Cherry Studio version shows 1.5.2 or higher after update.📡 Detection & Monitoring
Log Indicators:
- Unusual process spawns from Cherry Studio
- Network connections to unknown MCP servers
- Command execution patterns from Cherry Studio process
Network Indicators:
- Outbound connections to non-standard MCP servers on unusual ports
- HTTP traffic to unknown domains during MCP server connections
SIEM Query:
process_name:"cherry-studio" AND (process_command_line:*cmd* OR process_command_line:*powershell* OR process_command_line:*bash*)