Remote Code Execution Vulnerability in Cherry Studio Desktop Client

Post by Shane1145 »

The Cherry Studio desktop client, supporting multiple LLM providers, has a vulnerability that allows for remote code execution via custom URL handling in versions 1.4.8 to 1.5.0. This security flaw can be exploited when a user clicks on a malicious link that triggers the app’s URL handler. Consequently, this leads to unauthorized execution of code on the user's machine, exposing it to potential threats. The issue has been addressed in version 1.5.1.

https://securityvulnerability.io/vulner ... 2025-54063