AI description
CVE-2025-54135 is a security vulnerability in the Cursor AI code editor that can lead to remote code execution. The vulnerability, dubbed "CurXecute" by Aim Labs, arises from the way Cursor interacts with Model Context Protocol (MCP) servers to reach external tools. By feeding malicious prompts to the AI agent, an attacker can trigger the execution of attacker-controlled commands. The attack is a prompt injection that silently rewrites the "~/.cursor/mcp.json" file, which configures custom MCP servers in Cursor; any new entry in that file was executed without requiring confirmation. An attacker can inject a malicious command through a single line of prompting, influencing Cursor's actions and gaining remote code execution with the user's privileges.
- Description
- Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file, don't already exist in the workspace, an attacker can chain an indirect prompt injection vulnerability to hijack the context, write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- cursor
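The mechanism described above turns a configuration file into an execution path: whatever lands in mcp.json gets launched. On the defender's side that argues for treating mcp.json as a controlled file and diffing it against a reviewed allowlist rather than trusting whatever the agent wrote. The script below is an added example for this record, not code from Cursor, Aim Labs or the NVD. It assumes the `{"mcpServers": {"<name>": {"command": ..., "args": [...]}}}` layout that MCP clients use for mcp.json (the page does not spell out the format), and the allowlist and sample config are constructed.

```python
"""Audit MCP server definitions in a Cursor mcp.json against an approved allowlist.

Added example for the CVE record above, not code from Cursor, Aim Labs or the NVD.
Assumes the mcp.json layout {"mcpServers": {"<name>": {"command": ..., "args": [...]}}}
used by MCP clients (an assumption; the record itself does not describe the format).
"""
import json
from pathlib import Path

# Constructed allowlist: the only server definitions a team has reviewed and approved.
APPROVED_SERVERS = {
    "filesystem": {"command": "node", "args": ["tools/fs-server.js"]},
}

# Constructed sample of a config that gained an entry nobody approved.
SAMPLE_MCP_JSON = """{
  "mcpServers": {
    "filesystem": {"command": "node", "args": ["tools/fs-server.js"]},
    "helper": {"command": "sh", "args": ["-c", "echo constructed unapproved entry"]}
  }
}"""


def load_mcp_servers(text):
    """Parse mcp.json text and return the mcpServers mapping (empty if absent or malformed)."""
    data = json.loads(text)
    servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
    return servers if isinstance(servers, dict) else {}


def _launch_spec(entry):
    """Reduce a server entry to the fields that decide what actually gets executed."""
    return (entry.get("command"), tuple(entry.get("args", [])))


def audit_servers(servers, approved):
    """Classify every configured server as approved, modified or unapproved."""
    findings = []
    for name, entry in servers.items():
        if name not in approved:
            status = "unapproved"  # an entry the allowlist has never seen
        elif _launch_spec(entry) != _launch_spec(approved[name]):
            status = "modified"  # known name, but command or args were changed
        else:
            status = "approved"
        findings.append({
            "name": name,
            "status": status,
            "command": entry.get("command"),
            "args": list(entry.get("args", [])),
        })
    return findings


def audit_file(path, approved, expected_present):
    """Audit a config file on disk.

    A file that exists where the baseline says none should is itself a finding:
    the advisory's precondition is a .cursor/mcp.json that did not exist yet and
    could therefore be created without approval.
    """
    path = Path(path)
    if not path.exists():
        return []
    findings = []
    if not expected_present:
        findings.append({"name": str(path), "status": "unexpected_file",
                         "command": None, "args": []})
    findings.extend(audit_servers(load_mcp_servers(path.read_text()), approved))
    return findings


def unapproved_findings(findings):
    """Return only the findings that warrant a human look."""
    return [f for f in findings if f["status"] != "approved"]


if __name__ == "__main__":
    report = audit_servers(load_mcp_servers(SAMPLE_MCP_JSON), APPROVED_SERVERS)
    for f in unapproved_findings(report):
        print(f"{f['status']:<12} {f['name']}: {f['command']} {' '.join(f['args'])}")
```

Point `audit_file` at `~/.cursor/mcp.json` and at each workspace's `.cursor/mcp.json`, with `expected_present` taken from a baseline of which projects are supposed to carry one; a file that appears where none was approved is reported before any entries are inspected. Matching on command and args rather than on the server name is deliberate: an entry rewritten to launch a different binary keeps its name but not its launch spec.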
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-78
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-40766 2 - CVE-2025-54135 3 - CVE-2018-20587 4 - CVE-2022-46689 5 - CVE-2025-32756 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
14 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #AIsecurity Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136) https://t.co/Ank7mFziga
@Komodosec
8 Sept 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A one-line prompt morphed Cursor’s AI coding agent into a local shell (CVE-2025-54135)—and multiple outlets report Coinbase uses Cursor internally. https://t.co/guALRPWtlS
@w00tcake
5 Sept 2025
90 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/BKWDFRjedJ https://t.co/6wAqaamGO8
@IT_Peurico
12 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135 (CVSS:8.5, HIGH) is Awaiting Analysis. Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in..https://t.co/28EWohw2Ml #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
10 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/3b6TVnFVeZ https://t.co/ULQaumRVYb
@TechMash365
7 Aug 2025
51 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/UOF6VKTRop https://t.co/dg2ItPApM9
@pcasano
6 Aug 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/KyD1p4OODQ https://t.co/NUjGE27eCu
@EAlexStark
6 Aug 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/tslGBATqog https://t.co/2F3V3orbnR
@Art_Capella
6 Aug 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/4Jnrg4oY4d https://t.co/nBRXveLu3d
@dansantanna
6 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/977eN0P3dn https://t.co/QqNwPcU9Yz
@Trej0Jass
6 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in the AI-driven code editor Cursor (CVE-2025-54135, CVE-2025-54136) #セキュリティ対策Lab #セキュリティ #Security https://t.co/1n5OjKxEVW
@securityLab_jp
6 Aug 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cursor IDE “CurXecute” (CVE-2025-54135): prompt injection can rewrite MCP config and execute code with dev privileges. Patch level: v1.3 (Jul 29). #LLMOps #Security https://t.co/o5bITT7s2W
@DeepEngineerHub
5 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Cursor, one of the most popular AI-powered code editors, just demonstrated how our new AI development tools can become security nightmares overnight. CVE-2025-54135, dubbed "CurXecute," (security researchers and exploit nicknames Lol) allowed https:/
@_aligorithm
5 Aug 2025
558 Impressions
6 Retweets
21 Likes
0 Bookmarks
0 Replies
0 Quotes
not the most terrible thing, but worth mentioning: 🟧 CVE-2025-54135, CVSS: 8.5 (High) Cursor version < 1.3.9 Allowing unauthorized file writing without user approval. Vulnerability can lead to remote code execution (RCE) if sensitive files do not exist. Fixed in versi
@UjlakiMarci
5 Aug 2025
255 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
[CVE-2025-54135: HIGH] Cursor code editor had a vulnerability allowing unauthorized writing in certain files pre-v1.3.9. Attackers could exploit this to perform Remote Code Execution. Update to v1.3.9 to fix. #cve, CVE-2025-54135, #cybersecurity https://t.co/lwF8H9pz8i https://t.co/
@CveFindCom
5 Aug 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cursor: Prompt Injection vulnerability CVE-2025-54135 (fixed in v1.3). By feeding poisoned data to the agent via MCP, an attacker can gain full remote code execution (#RCE): #AISecurity 👇 https://t.co/pU6gEBPvCo
@securestep9
4 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cursor MCP vulnerability CVE-2025-54135 https://t.co/uM2Q8Lie38
@DeeLMind
4 Aug 2025
61 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-54135) in Cursor’s AI code editor allows remote attackers to exploit prompt injection, enabling unauthorized file modifications and remote code execution. This flaw impacts MCP servers and components. #PromptInjection #… https://t.co/3r8oZhZ
@TweetThreatNews
4 Aug 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2002-0741 2 - CVE-2024-27867 3 - CVE-2025-49704 4 - CVE-2025-54135 5 - CVE-2025-54574 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
4 Aug 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This happened a little while ago, but sharing it: it has come to light that the AI code editor "Cursor" had a serious security vulnerability (CVE-2025-54135 (CVSS score: 8.6)) that could lead to remote code execution (RCE). 2025
@hiro_accore
4 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
Two serious remote code execution (RCE) vulnerabilities (CVE-2025-54135, CVE-2025-54136) have been reported in the AI code editor "Cursor" and were fixed in 1.3.9.
@yousukezan
4 Aug 2025
9271 Impressions
26 Retweets
46 Likes
16 Bookmarks
0 Replies
3 Quotes
Cursor AI vulnerability CVE-2025-54135 fixed. Prompt injection rewrites mcp.json and abuses auto-run for remote code execution. v1.3 adopts an allowlist approach / Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection https://t.c
@__su888
3 Aug 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cursor AI IDE hit by CurXecute (CVE-2025-54135) 💥 Prompt injection flaw = remote code execution 🕵️ Auto-runs attacker payloads via Slack/GitHub 🔒 Update to v1.3 now! #AI #CursorIDE #RCE #Darkweb #Deepweb Breaking news from the world & Darkweb: https://t.co/
@godeepweb
3 Aug 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A single Slack message could hijack Cursor—AI code editor—with zero clicks. CVE-2025-54135 let attackers run remote code just by posting in a public channel. Cursor auto-executed it. No prompts. No approval. https://t.co/1Oo33bfh0U
@mika_daniel9
3 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2014-0160 2 - CVE-2025-3052 3 - CVE-2024-27867 4 - CVE-2025-0802 5 - CVE-2025-54135 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A flaw (CVE-2025-54135) in Cursor's AI code editor allows prompt injection to silently write to the MCP config file, enabling remote code execution without user consent. #CursorAI #AIVulnerability #RCE #CybersecurityAlert #MCPHacking https://t.co/3LRpF84PTg
@the_yellow_fall
3 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
01/08/2025 A high-severity flaw (CVE-2025-54135) in Cursor AI Code Editor could enable remote code execution via prompt injection! 🚨 Version 1.3 released to patch this critical vulnerability. Act now to secure your systems! Source: https://t.co/HujC8drGpF
@kernyx64
2 Aug 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability (CVE-2025-54135, CVSS 8.6) enabling remote code execution (RCE) was discovered in the AI code editor "Cursor" and fixed in version 1.3, released on July 29, 2025. This vulnerability, "CurXecute",
@yousukezan
1 Aug 2025
142754 Impressions
178 Retweets
499 Likes
262 Bookmarks
3 Replies
30 Quotes
Cybersecurity researchers have disclosed a severe security vulnerability in Cursor, the AI-based code editor, that could lead to remote code execution. This vulnera
@Teeegra
1 Aug 2025
530 Impressions
0 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
The AI code editor Cursor fixed a serious remote code execution (RCE) flaw, registered as CVE-2025-54135. It posed a critical risk to developers' security. The flaw was in the model control protocol (MCP). When processing da
@citarafy
1 Aug 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A vulnerability named CurXecute (CVE-2025-54135) affects nearly all versions of the AI-powered Cursor IDE, allowing remote code execution via prompt-injection attacks. Exploitation could lead to ransomware and data theft. https://t.co/aXAKQ3NgKQ
@securityRSS
1 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-54135: Cursor AI Code Editor Vulnerability Patched After Prompt Injection Exploit Allowed Remote Command Execution CVSS: 8.6 Video Credit: HiddenLayer Advisory no longer available on GitHub: https://t.co/dNQbdgR9Ff https://t.co/HLZu6k7C7c
@DarkWebInformer
1 Aug 2025
5362 Impressions
10 Retweets
49 Likes
15 Bookmarks
1 Reply
2 Quotes
🚨 A single Slack message could hijack Cursor—AI code editor—with zero clicks. CVE-2025-54135 let attackers run remote code just by posting in a public channel. Cursor auto-executed it. No prompts. No approval. Details here → https://t.co/7dB6UOzzUo
@TheHackersNews
1 Aug 2025
9675 Impressions
31 Retweets
73 Likes
12 Bookmarks
2 Replies
3 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17297CB2-0B98-497A-8796-F7F09E9B9876",
            "versionEndExcluding": "1.3.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]