> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Cherry Studio is a cross-platform AI desktop assistant that supports multiple mainstream LLMs and runs on Windows, macOS, and Linux.
In August 2025, the Cherry Studio team disclosed a high-severity security advisory for CVE-2025-54074, affecting all versions ≤ v1.5.1.
This vulnerability allows a malicious MCP server to execute arbitrary system commands on the victim’s machine.
If you’re running an affected version, upgrade immediately to avoid compromise.
Vulnerability Description
Root Cause
In v1.5.1 and earlier, the MCP client (in HTTP Streamable mode) failed to validate the OAuth metadata returned by an MCP server, specifically the authorization_endpoint URL.
This URL was passed directly into the open() function without proper sanitization.
A threat actor could craft a malicious authentication URL containing injected commands, trick a user into connecting to their rogue MCP server, and trigger arbitrary command execution on the client’s machine.
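One way to perform the missing check, shown as an added example (this is not Cherry Studio's patch and not code from the advisory): it validates the authorization_endpoint value from server-supplied OAuth metadata before anything opens it. The function name, the scheme policy, the length limit and the sample metadata are assumptions made for illustration.

```javascript
// Added example: gate a server-supplied authorization_endpoint before it
// reaches any OS "open" helper. All names and policies here are hypothetical.
const ALLOWED_SCHEMES = new Set(['https:']);
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
// RFC 3986 unreserved characters plus the delimiters a plain URL needs.
// '&' stays allowed because query strings need it, which is why the opener
// must still receive the URL as one argument and never as a shell string.
const SAFE_CHARS = /^[A-Za-z0-9\-._~:\/?#\[\]@%=&+,]+$/;

function validateAuthorizationEndpoint(metadata) {
  const raw = metadata && metadata.authorization_endpoint;
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return { ok: false, reason: 'missing or oversized authorization_endpoint' };
  }
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative values throw
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  // Plain http is tolerated only for loopback development servers.
  const loopbackHttp = url.protocol === 'http:' && LOOPBACK_HOSTS.has(url.hostname);
  if (!ALLOWED_SCHEMES.has(url.protocol) && !loopbackHttp) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'embedded credentials not allowed' };
  }
  // Test the raw value too: the URL parser silently strips tabs and newlines
  // and percent-encodes some characters, which would hide them from the check.
  if (!SAFE_CHARS.test(raw) || !SAFE_CHARS.test(url.href)) {
    return { ok: false, reason: 'unexpected characters in URL' };
  }
  return { ok: true, href: url.href };
}

// Constructed sample metadata documents (not taken from the advisory).
const samples = [
  { authorization_endpoint: 'https://auth.example.com/oauth/authorize' },
  { authorization_endpoint: 'http://localhost:8080/authorize' },
  { authorization_endpoint: 'http://auth.example.com/authorize' },
  { authorization_endpoint: 'file:///tmp/x' },
  { authorization_endpoint: 'https://auth.example.com/authorize?next=a b' },
];
for (const m of samples) {
  console.log(m.authorization_endpoint, validateAuthorizationEndpoint(m));
}
```

Validation narrows what reaches the opener; the accepted URL should still be handed over as a single argument rather than interpolated into a command string.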
Impact
If exploited, an attacker could:
- Run arbitrary OS commands on the target system
- Gain full control of the victim’s machine
- Steal sensitive data
- Compromise business systems
Risk Level: High
Attack Vector: Remote network
Authentication Required: None
User Interaction: Required (victim must connect to malicious MCP server)
Exploit Availability: Public POC/EXP confirmed
Fix Difficulty: Low (official patch available)
Affected Versions
- Cherry Studio ≤ v1.5.1
Mitigation & Fix
Temporary Workaround:
- Remove untrusted MCP servers from Cherry Studio’s configuration.
Permanent Fix:
- Upgrade to v1.5.2 or later immediately: Download Cherry Studio on GitHub
Proof of Concept (POC)
References
TL;DR
If you’re running Cherry Studio ≤ v1.5.1, you’re vulnerable to a remote command injection attack via malicious MCP servers.
Patch to v1.5.2+ immediately.