CVE-2025-14204
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-07
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-12-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-14204
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tykodev cherry-studio-tykofork 0.0.1
tykodev cherry-studio-tykofork 0.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the redirectToAuthorization function of the OAuth Server Discovery component in TykoDev cherry-studio-TykoFork 0.1. It allows an attacker to manipulate the authorizationUrl argument, leading to an OS command injection. This means an attacker can remotely execute arbitrary operating system commands on the affected system.


How can this vulnerability impact me? :

The vulnerability can allow a remote attacker to execute arbitrary OS commands on the affected system, potentially leading to unauthorized access, data compromise, system disruption, or further exploitation of the environment.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can involve monitoring for unusual or suspicious authorization_endpoint URLs in OAuth server discovery requests, especially those containing unexpected or malicious payloads. Since the vulnerability involves OS command injection via the authorizationUrl argument, inspecting logs for abnormal command executions or unexpected input in the redirectToAuthorization function may help. However, no specific detection commands or tools are documented. Network monitoring for unusual OAuth authorization server discovery traffic or scanning for the vulnerable version (cherry-studio-TykoFork 0.1) may assist in detection. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected product (TykoDev cherry-studio-TykoFork version 0.1) with an alternative, as no known mitigations or countermeasures have been documented. Avoid using the vulnerable OAuth Server Discovery component or disable it if possible. Monitoring for exploit attempts and restricting access to the affected service can also help reduce risk until a patch or fix is available. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart