CVE-2025-14204 | TykoDev cherry-studio-TykoFork 0.1 OAuth Server Discovery oauth-authorization-server redirectToAuthorization authorizationUrl os command injection
A vulnerability was found in TykoDev cherry-studio-TykoFork 0.1 and classified as critical. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Manipulation of the argument authorizationUrl leads to OS command injection.
This vulnerability is documented as CVE-2025-14204. The attack can be executed remotely. Additionally, an exploit exists.