CVE-2025-61929 | CherryHQ cherry-studio up to 1.7.0-alpha.4 ProtocolClient.ts handleMcpProtocolUrl code injection (GHSA-hh6w-rmjc-26f6)

A vulnerability marked as critical has been reported in CherryHQ cherry-studio up to 1.7.0-alpha.4. Affected is the function handleMcpProtocolUrl of the file src/main/services/ProtocolClient.ts. Performing manipulation results in code injection.

This vulnerability is known as CVE-2025-61929. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More