CVE-2025-61929 – CVE-2025-61929 is a critical remote code execut... (How to Fix)

Q: What is the severity of CVE-2025-61929?

CVE-2025-61929 has a CVSS score of 9.6 (CRITICAL). CVE-2025-61929 is a critical remote code execution vulnerability in Cherry Studio's custom protocol handler. Attackers can craft malicious cherrystudio:// URLs that execute arbitrary commands when clicked, compromising user systems. All Cherry Studio users are affected until patched.

📋 TL;DR

CVE-2025-61929 is a critical remote code execution vulnerability in Cherry Studio's custom protocol handler. Attackers can craft malicious cherrystudio:// URLs that execute arbitrary commands when clicked, compromising user systems. All Cherry Studio users are affected until patched.

💻 Affected Systems

Products:

Cherry Studio

Versions: All versions prior to patch

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default installation when custom protocol handler is registered.

📦 What is this software?

Cherry Studio by Cherry Ai

View all CVEs affecting Cherry Studio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary commands with user privileges, install malware, steal data, or pivot to other systems.

🟠

Likely Case

Attackers create malicious websites or emails with crafted URLs that execute commands when clicked, leading to malware installation or credential theft.

🟢

If Mitigated

With proper URL filtering and user awareness, exploitation requires user interaction, reducing but not eliminating risk.

🌐 Internet-Facing: HIGH - Attackers can host malicious content on websites or send crafted links via email/social media.

🏢 Internal Only: MEDIUM - Internal phishing campaigns could exploit this, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction (clicking malicious link) but is otherwise straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-hh6w-rmjc-26f6

Restart Required: No

Instructions:

Monitor vendor advisory for patch release. No official patch available as of advisory publication.

🔧 Temporary Workarounds

Unregister Cherry Studio Protocol Handler

all

Remove the cherrystudio:// protocol handler registration from the system

Windows: reg delete "HKCU\Software\Classes\cherrystudio" /f
macOS: defaults delete com.apple.LaunchServices/com.apple.launchservices.secure
Linux: Check ~/.config/mimeapps.list and remove cherrystudio entries

Browser URL Filtering

all

Configure browsers to block or warn about cherrystudio:// URLs

Browser extensions or enterprise policies to block cherrystudio:// protocol

🧯 If You Can't Patch

Uninstall Cherry Studio until patch available
Use application whitelisting to prevent execution of unauthorized commands

🔍 How to Verify

Check if Vulnerable:

Check if Cherry Studio is installed and cherrystudio:// protocol is registered. Test with safe base64 payload: cherrystudio://mcp/install?config=Y21kLmV4ZQ==

Check Version:

Check Cherry Studio About menu or installation directory for version info

Verify Fix Applied:

Verify protocol handler is removed or patched version validates/restricts command execution

📡 Detection & Monitoring

Log Indicators:

Process execution from Cherry Studio with unusual command-line arguments
cherrystudio:// URL access in browser or application logs

Network Indicators:

HTTP requests to unusual domains following cherrystudio:// link clicks

SIEM Query:

Process Creation where Parent Process contains "cherry" AND Command Line contains unusual patterns

📊 Metadata

CVE ID: CVE-2025-61929

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-94

EPSS Score: 0.1% exploit probability (28.3th percentile)

Published: October 10, 2025

Last Updated: December 4, 2025

🔗 References

https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-hh6w-rmjc-26f6 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61929, you might also want to check these: