
Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1

Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAuth authorization server endpoints and compromise clients by tricking them into connecting, resulting in OS command injection.

Recommendations: Update to version 1.5.2 or…
PT-2025-32989 · Unknown · Cherry-Studio

