CNNVD-202508-1376 Information
Aug 13, 2025
cve
CNNVD ID
CNNVD-202508-1376
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
Cherry Studio是中国千彗(Cherry Studio)公司的一个多模型AI助手。 Cherry Studio 1.5.1版本存在操作系统命令注入漏洞,该漏洞源于streamableHttp MCP服务器连接时未正确清理URL,可能导致远程代码执行。
Description (English)
Cherry Studio is a multi-model AI assistant at Cherry Studio in China. There is a bug in the operating system command for version Cherry Studio 1.5.1, which originates from the incorrect cleanup of URLs when a sstream Http MCP server is connected, which may result in remote code execution.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
千彗
Published
2025-08-13
Last Modified
2026-02-24
References
https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-gjp6-9cvg-8w93
Patch
https://github.com/CherryHQ/cherry-studio/releases
Share on: