CNNVD-202508-943 Information

CNNVD ID

CNNVD-202508-943

Related CVE

CVE-2025-54063

• CNNVD Published: 2025-08-11

Description (Chinese)

cherry是Chee个人开发者的一个 HTTP 服务器。 cherry 1.4.8至1.5.0版本存在代码注入漏洞，该漏洞源于自定义URL处理不当，可能导致远程代码执行。

Description (English)

Cherry is a HTTP server for Chee’s personal developer. There is a code-injecting loophole in versions 1.4.8 to 1.5.0, which results from inappropriate handling of custom URLs, which may lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-08-11

Last Modified

2026-02-24

References

https://github.com/CherryHQ/cherry-studio/pull/8218 https://github.com/CherryHQ/cherry-studio/commit/ff72c007c03ff47de21a4d0bf52a1ff1fb35cd89 https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-p6vw-w3p8-4g72 https://access.redhat.com/security/cve/cve-2025-54063

Patch

https://github.com/CherryHQ/cherry-studio/releases