AI description
CVE-2025-54136 affects Cursor, an AI-powered code editor, specifically versions 1.2.4 and below. The vulnerability allows attackers to achieve remote code execution (RCE) by modifying a trusted Multi-Context Prompting (MCP) configuration file. This can be done either within a shared GitHub repository or locally on the target's machine. The vulnerability stems from a trust abuse issue in MCP server configuration. Once a user approves an MCP server, an attacker with write access can replace it with a malicious one without requiring re-approval. This enables the attacker to inject malicious commands, potentially leading to persistent backdoors, especially in collaborative coding environments. The issue has been addressed in Cursor version 1.3, which now prompts for re-approval whenever an mcpServer entry is modified.
- Description
- Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- cursor
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-78
- Hype score
- Not currently trending
CVE-2025-54136 in the Cursor AI editor lets attackers swap trusted MCP configs to achieve remote code execution. MSSPs: ensure Cursor is patched, treat IDE config files like code, and test detections for spawned reverse shells. Read more: https://t.co/66SbJZETP3 #HackTheBox #MSSP
@HTBJill
17 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #AIsecurity Prompt Injection to Code Execution: Cursor Code Editor Hit by Critical MCP Vulnerabilities (CVE-2025-54135 & CVE-2025-54136) https://t.co/Ank7mFziga
@Komodosec
8 Sept 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Uwaga, użytkownicy Cursora! W AI-IDE Cursor wykryto krytyczną lukę w zabezpieczeniach (CVE-2025-54136, MCPoison ). Po jednorazowym zatwierdzeniu konfiguracji MCP atakujący mogą ją dyskretnie zastąpić i uzyskać trwałe zdalne wykonanie kodu – bez dalszych monitów.
@itcontent_eu
14 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Luka MCPoison (CVE-2025-54136) w Cursor IDE pozwala na trwałe RCE po jednorazowej akceptacji configu MCP. Zmiana .cursor/mcp.json może aktywować złośliwy kod za każdym razem, gdy otwierasz IDE. Załatano w wersji 1.3 — zaktualizuj jak najszybciej! #cybersecurity #Cur
@itcontent_eu
14 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Jak środowisko Cursor pozwalało na uruchomienie złośliwego kodu – CVE-2025-54136 https://t.co/UMAyWgCTkS
@AA6382813370063
13 Aug 2025
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/BKWDFRjedJ https://t.co/6wAqaamGO8
@IT_Peurico
12 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AI coding tools aren't safe by default. Cursor's MCPoison flaw (CVE-2025-54136) enabled persistent remote code execution—patch or risk compromise. #Cybersecurity #AI https://t.co/Bl0ULjRXOF
@Serg_Panfilov
10 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unpatched Cursor? MCPoison flaw (CVE-2025-54136) enables silent, permanent malware execution in dev environments. You've been warned. #Cybersecurity #AI https://t.co/tTEks2iyqM
@Serg_Panfilov
9 Aug 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CPR just uncovered “MCPoison” — a critical flaw in the AI-powered #Cursor IDE (CVE-2025-54136). The #vulnerability lets attackers silently inject malicious commands via trusted project configurations— no code changes needed. #CheckPointResearch https://t.co/mGOnJV04nZ
@michael_gazzano
8 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass https://t.co/yjULsEYp9I #appsec
@eyalestrin
8 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you're using AI coding tools without security audits, you're playing with fire. The Cursor flaw (CVE-2025-54136) allowed permanent malicious code execution—patched but a dire warning. #Cybersecurity #AI https://t.co/3IRGMByiwh
@Serg_Panfilov
7 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54136 (CVSS:7.2, HIGH) is Awaiting Analysis. Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and per..https://t.co/Hspgf1GoBk #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
7 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/3b6TVnFVeZ https://t.co/ULQaumRVYb
@TechMash365
7 Aug 2025
51 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Cursor AI Editor Vulnerability Enables RCE via Malicious File Swap Check Point Research disclosed a high-severity vulnerability (CVE-2025-54136) in the Cursor AI code editor, dubbed MCPoison, enabling remote code execution via malicious changes to a previously trusted MCP https:
@dCypherIO
6 Aug 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/UOF6VKTRop https://t.co/dg2ItPApM9
@pcasano
6 Aug 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/KyD1p4OODQ https://t.co/NUjGE27eCu
@EAlexStark
6 Aug 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/tslGBATqog https://t.co/2F3V3orbnR
@Art_Capella
6 Aug 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/4Jnrg4oY4d https://t.co/nBRXveLu3d
@dansantanna
6 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison) https://t.co/977eN0P3dn https://t.co/QqNwPcU9Yz
@Trej0Jass
6 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MCPoison: CVE-2025-54136 CURSOR IDE Persistent Code Execution 🚀 #bugbounty #cursor #CyberSecurity https://t.co/jZM5vzHfaS
@NullSecurityX
6 Aug 2025
583 Impressions
3 Retweets
16 Likes
3 Bookmarks
0 Replies
0 Quotes
AI推進 コードエディタ Cursorにクリティカルな脆弱性(CVE-2025-54135,CVE-2025-54136) #セキュリティ対策Lab #セキュリティ #Security https://t.co/1n5OjKxEVW
@securityLab_jp
6 Aug 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 MCPoison: CVE-2025-54136 @_CPResearch_ found a persistent RCE flaw in @cursor_ai's IDE — one approval, silent exploitation, repeated access. AI tooling just met a serious trust issue. 🔗 Read the full breakdown: https://t.co/Hdrpdtf45R #CyberSecurity #cursor https:/
@CheckPointSW
5 Aug 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Cursor AI Code Editor (CVE-2025-54136) dubbed MCPoison enables remote code execution through malicious MCP file swaps. Version 1.3 addresses this by requiring re-approval of config changes. #CodeSecurity #MCP #UK https://t.co/3VSrk02yWx
@TweetThreatNews
5 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Think approving an app config is NBD? Cursor IDE’s MCP flaw (CVE-2025-54136) turned one “OK” into a hacker’s VIP pass! 🕵️♂️ Backdoor city in a snap. Patch now or risk a cyber ambush! Details: https://t.co/k2ywzusszQ #CyberSecurity #InfoSec #PatchNow
@z3nch4n
5 Aug 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today, i released MCPoison CVE-2025-54136, a persistent remote code execution vulnerability in the Cursor IDE. This marks a new era of client-side exploitation, where AI tools are reshaping the attack surface. https://t.co/9VGPXmnxpZ
@Od3dV
5 Aug 2025
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Researchers revealed CVE-2025-54136, a vulnerability in Cursor IDE that allows persistent code execution via a trust bypass in its MCP system, enabling attackers to execute arbitrary commands silently after initial approval. #CyberSecurity #CVE https://t.co/kXGnRUgVHU
@Cyber_O51NT
5 Aug 2025
236 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
🚨 A high-severity flaw in Cursor AI (CVE-2025-54136) let attackers hijack trusted MCP configs—triggering remote code execution every time you opened the project. No re-prompt. No warning. Just silent compromise by modifying a config file you already... https://t.co/4xKzwRBQ
@IT_news_for_all
5 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A high-severity flaw in Cursor AI (CVE-2025-54136) let attackers hijack trusted MCP configs—triggering remote code execution every time you opened the project. No re-prompt. No warning. Just silent compromise by modifying a config file you already trusted. Learn more →
@TheHackersNews
5 Aug 2025
65523 Impressions
66 Retweets
142 Likes
28 Bookmarks
2 Replies
9 Quotes
🚨 New research alert Check Point Research discovered a critical RCE vulnerability (CVE-2025-54136) in Cursor, a fast-growing AI-powered IDE. The flaw allows persistent, silent code execution by modifying previously approved Model Context Protocol (MCP) configs. 🧵More below
@_CPResearch_
5 Aug 2025
12367 Impressions
34 Retweets
91 Likes
41 Bookmarks
3 Replies
4 Quotes
AIコードエディタ「Cursor」において、深刻なリモートコード実行(RCE)脆弱性が2件(CVE-2025-54135, CVE-2025-54136)報告され、1.3.9で修正された。
@yousukezan
4 Aug 2025
9271 Impressions
26 Retweets
46 Likes
16 Bookmarks
0 Replies
3 Quotes
CVE-2025-54136 Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already… https://t.co/3EIrZym9lR
@CVEnew
1 Aug 2025
363 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CC3BD06-C788-4AE8-80B9-8CF608AB5F5F",
"versionEndExcluding": "1.3"
}
],
"operator": "OR"
}
]
}
]