Bug Bounty

All about electronic devices security
https://mail.bugbounty.com.au/

Remote Code Execution Vulnerability in Cherry Studio Desktop Client

https://mail.bugbounty.com.au/viewtopic.php?t=7594

Page 1 of 1

Remote Code Execution Vulnerability in Cherry Studio Desktop Client

Posted: Tue Aug 12, 2025 5:27 am
by Shane1145
The Cherry Studio desktop client, supporting multiple LLM providers, has a vulnerability that allows for remote code execution via custom URL handling in versions 1.4.8 to 1.5.0. This security flaw can be exploited when a user clicks on a malicious link that triggers the app’s URL handler. Consequently, this leads to unauthorized execution of code on the user's machine, exposing it to potential threats. The issue has been addressed in version 1.5.1.

https://securityvulnerability.io/vulner ... 2025-54063
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited