Cherry Studio Command Execution Vulnerability via Custom Protocol

A command execution vulnerability has been identified in Cherry Studio, a desktop client that supports multiple LLM providers. The issue arises from the application's handling of a custom protocol, 'cherrystudio://', specifically when processing MCP installation URLs. The vulnerability allows an attacker to execute arbitrary commands by crafting malicious content that is base64-encoded and embedded within the URL. When a user clicks on the link, the 'handleMcpProtocolUrl' function is triggered, executing the embedded command without any user awareness. As of now, there are no known patched versions available.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the user's system. The vulnerability has been demonstrated by executing the Windows calculator application, but more harmful actions could be performed, such as manipulating system schedules.

Reproduction

To reproduce this vulnerability, create a base64-encoded JSON payload containing a command to be executed, such as 'calc.exe'. This payload should be inserted into a 'cherrystudio://mcp/install' URL. When the crafted URL is clicked, the application will execute the embedded command. This vulnerability can be exploited by sharing the malicious URL through a website or other means, tricking the user into clicking it.