Cherry-ai Cherry Studio — known CVE vulnerabilities
Every CVE whose affected-product data names Cherry-ai Cherry Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-54074 — CVSS 9.8 (critical): Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS…
CVE-2025-54382 — CVSS 9.6 (critical): Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability…
CVE-2025-61929 — CVSS 9.6 (critical): Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called…
CVE-2025-54063 — CVSS 8.0 (high): Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code…