CNNVD-202510-1408 Information

CNNVD ID

CNNVD-202510-1408

CVE-2025-61929

  • CNNVD Published: 2025-10-10

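Description (Chinese, translated)

Cherry Studio is a multi-model AI assistant from the Chinese company 千彗 (Cherry Studio). Cherry Studio has a code injection vulnerability, which stems from directly executing the commands in base64-encoded configuration data when handling cherrystudio://mcp type URLs, and may lead to arbitrary code execution.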

Description (English)

Cherry Studio is a multi-model AI assistant from Cherry Studio, a company in China. Cherry Studio has a code injection vulnerability: when processing cherrystudio://mcp type URLs, it directly executes the commands contained in the base64-encoded configuration data, which may result in arbitrary code execution.

Hazard Level

Low

Vulnerability Type

Code Injection

Affected Vendor

千彗

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/CherryHQ/cherry-studio/security/advisories/GHSA-hh6w-rmjc-26f6
