CVE-2025-54382 – Cherry Studio Cherry Picker Remote Code Execution

August 13, 2025

CVE ID : CVE-2025-54382

Published : Aug. 13, 2025, 2:15 p.m. | 11 hours, 1 minute ago

Description : Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55154 – ImageMagick Stack-Based Buffer Overflow

Next Article CVE-2025-32451 – Foxit Reader Uninitialized Pointer Memory Corruption Vulnerability

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

I’ve tested every Samsung Galaxy phone in 2025 – here’s the model I’d recommend on sale

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Claude can teach you how to code now, and more – how to try it

One of the best work laptops I’ve tested has MacBook written all over it (but it’s even better)

Controlling Execution Flow with Laravel’s Sleep Helper

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

This Week in Laravel: Filament 4, Laravel Boost, and Junie Review

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

FOSS Weekly #25.33: Debian 13 Released, Torvalds vs RISC-V, Arch’s New Tool, GNOME Perfection and More Linux Stuff

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CVE-2025-54382 – Cherry Studio Cherry Picker Remote Code Execution

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

From Banking Darling to $1B Fraud Magnet: Inside the Zelle Lawsuit 2025

CVE-2025-49595 – n8n Denial of Service (DoS) Vulnerability

AlphaGeometry: An Olympiad-level AI system for geometry

CVE-2025-46522 – Billy Bryant Tabs CSRF Stored XSS

Noteworthy – Markdown notes app

Ubuntu 25.04 is Now Available to Download

CVE-2025-42961 – SAP NetWeaver Application Server for ABAP Permissive Access Configuration Privilege Escalation

CVE-2025-4820 – Cloudflare Quiche TCP Congestion Window Manipulation Vulnerability

CVE-2025-50108 – Oracle Hyperion Financial Reporting Workspace HTTP Unauthorized Access and Data Modification

CVE-2025-54382 – Cherry Studio Cherry Picker Remote Code Execution

Related Posts