Description
Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio client when it connects to streamableHttp MCP servers. The issue arises from the client's implicit trust in the OAuth authorization redirection endpoints supplied by the server and its failure to properly sanitize that URL before acting on it. This issue has been patched in version 1.5.2.
EPSS Score: 0%
Comprehensive Technical Analysis of EUVD-2025-24569
1. Vulnerability Assessment and Severity Evaluation
The vulnerability identified as EUVD-2025-24569 (CVE-2025-54382) in Cherry Studio version 1.5.1 is a remote code execution (RCE) flaw. It arises from the client's implicit trust in the OAuth authentication redirection endpoints it receives when connecting to streamableHttp MCP servers, combined with the absence of any sanitization of those URLs before they are used.
Severity Evaluation:
- Base Score: 9.6 (CVSS:3.1; this is the value the vector below evaluates to under the CVSS 3.1 formula)
- Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
A base score in this range is rated Critical. The CVSS vector string breaks down as follows:
- Attack Vector (AV:N): exploitable over the network; the malicious input arrives from a remote MCP server.
- Attack Complexity (AC:L): no special conditions beyond the user connecting to an attacker-controlled or compromised server.
- Privileges Required (PR:N): the attacker needs no account or privileges on the victim system.
- User Interaction (UI:R): the user must add and connect to the malicious streamableHttp MCP server.
- Scope (S:C): the impact extends beyond the vulnerable component (the MCP client) to the host operating system on which code is executed.
- Confidentiality (C:H), Integrity (I:H), Availability (A:H): arbitrary code execution as the Cherry Studio user gives full impact on all three.
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- Server-supplied OAuth redirection endpoints: the client accepts the authorization URL that a streamableHttp MCP server hands it during the OAuth flow without verifying it, so a server under attacker control can supply an arbitrary URL.
- URL sanitization failure: because the URL is not restricted to an expected scheme or host before the client acts on it, an untrusted value reaches code that opens or dispatches it, which is what turns a bad URL into code execution on the user's machine.
Exploitation Methods:
- Malicious or compromised MCP server: an attacker who operates, or has taken over, a streamableHttp MCP server that a user adds to Cherry Studio returns a crafted OAuth redirection URL when the client connects. This is the primary path and is the reason the vector carries UI:R.
- Social engineering: an attacker publishes or advertises an MCP server endpoint and persuades users to add it to their client; the payload is then delivered through the normal connection flow rather than through a link the user clicks.
- Man-in-the-Middle (MitM): if the connection to a legitimate MCP server is over plaintext HTTP, or the attacker can otherwise tamper with it in transit, the OAuth redirection URL can be rewritten before the client sees it.
3. Affected Systems and Software Versions
Affected Software:
- Cherry Studio: Version 1.5.1
Affected Systems:
- Any system running Cherry Studio version 1.5.1 that connects to streamableHttp MCP servers.
4. Recommended Mitigation Strategies
Immediate Actions:
- Upgrade: Upgrade to Cherry Studio version 1.5.2 or later, where the vulnerability has been patched.
- Limit exposure until patched: do not connect Cherry Studio 1.5.1 to streamableHttp MCP servers that are not operated by a party you trust, and remove any already-configured servers of unknown origin. There is no client-side switch to disable the OAuth redirection handling itself.
Long-Term Strategies:
- Input Validation: treat every URL received from an MCP server as untrusted. Before handing it to the operating system or a browser, parse it and enforce an allow-list of schemes (https, with plain http at most for loopback development servers) and reject anything else, including file:, javascript: and custom protocol handlers.
- Security Training: educate users that an MCP server is code they are granting access to their workstation, and that servers should only be added from trusted operators.
- Monitoring: inventory the MCP servers configured across managed installations, and alert on the Cherry Studio process spawning unexpected child processes, which is the most direct signal that a URL-driven code execution has occurred.
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to organizations and individuals in the European Union that use Cherry Studio. Given the critical severity and the potential for remote code execution on user workstations, exploitation could expose sensitive data, disrupt services and lead to financial losses. Patching and the interim mitigations above should be prioritized to prevent widespread exploitation.
6. Technical Details for Security Professionals
Technical Overview:
- Vulnerability Type: Remote Code Execution (RCE)
- Root Cause: the client trusts the OAuth redirection endpoint supplied by a streamableHttp MCP server and does not restrict the URL's scheme or host before acting on it.
- Exploitation: a malicious or compromised MCP server returns a crafted OAuth redirection URL during connection; because the client uses it unvalidated, the outcome is arbitrary code execution on the user's machine.
Detection and Response:
- Configuration review: version 1.5.1 performs no URL sanitization, so there are no "failed sanitization" events to search for. Instead, inventory the streamableHttp MCP servers configured in each installation and investigate any that are unexpected or of unknown origin.
- Endpoint monitoring: the triggering traffic is ordinary MCP and OAuth HTTP and is unlikely to stand out to a network IDS; the more reliable signal is host-based, such as the Cherry Studio process launching unexpected child processes or unusual URL handlers.
- Incident Response: have an incident response plan in place to quickly identify, contain and remediate exploitation; treat a workstation that connected a vulnerable client to an untrusted MCP server as potentially compromised.
Patch Information:
- Patch Version: Cherry Studio version 1.5.2
- Patch Details: The patch addresses the URL sanitization issue and enhances the security of OAuth redirection endpoints.
References:
- GitHub Advisory: GHSA-gjp6-9cvg-8w93
By following these recommendations and staying vigilant, organizations can effectively mitigate the risks associated with EUVD-2025-24569 and protect their systems from potential exploitation.