Browse all 4 CVE security advisories affecting CherryHQ. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CherryHQ develops collaboration and project management software used by teams for workflow organization and document sharing. Historically, vulnerabilities have included stored cross-site scripting (XSS) in user-generated content, remote code execution (RCE) in file upload functionality, and privilege escalation flaws in access control mechanisms. The product has demonstrated inconsistent input validation and insufficient access controls in past versions. While no major public security incidents have been documented, the presence of four CVEs indicates recurring issues in secure coding practices, particularly around sanitization and permission management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-61929 | Cherry Studio allows one-click on a specific URL to cause a command to execute — cherry-studioCWE-94 | 9.7 | Critical | 2025-10-10 |
| CVE-2025-54382 | Cherry Studio RCE Vulnerability Disclosure — cherry-studioCWE-78 | 9.7 | Critical | 2025-08-13 |
| CVE-2025-54074 | Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server — cherry-studioCWE-78 | 8.8AI | HighAI | 2025-08-13 |
| CVE-2025-54063 | Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling — cherry-studioCWE-94 | 8.0 | High | 2025-08-11 |
This page lists every published CVE security advisory associated with CherryHQ. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.