漏洞描述
Cherry Studio 是一款跨平台桌面AI助手,支持多种主流大语言模型(LLM),兼容 Windows、Mac 和 Linux 系统。
2025年8月,Cherry Studio官方发布安全通告预警Cherry Studio命令注入漏洞(CVE-2025-54074)。该漏洞导致恶意MCP服务器可通过<=v1.5.1版本的Cherry Studio在受害者主机上执行任意命令。建议受影响的用户及时更新版本进行修复。
Cherry Studio 命令注入漏洞
PoC代码
暂无相关漏洞推荐
- Cherry Studio 未授权 代码注入漏洞
- Sim Studio AI 服务端请求伪造漏洞(CVE-2025-9805)
- IBM Watson Studio on Cloud Pak for Data 跨站脚本漏洞
- POC CVE-2019-8982: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery
- POC CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
- POC CVE-2022-38131: RStudio Connect - Open Redirect
- POC CVE-2023-47115: Label Studio - Cross-Site Scripting
- POC CVE-2023-47117: Label Studio - Sensitive Information Exposure
- POC CVE-2025-34300: SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution
- POC shikongzhiyou-erp-uploadstudiofile-fileupload: 时空智友ERP系统 uploadStudioFile 任意文件上传漏洞
- POC exposed-vscode: Visual Studio Code Directories - Detect
- POC vscode-launch: Visual Studio Code launch.json Exposure
- POC label-studio-signup: Label Studio - Sign-up Detect