Remote Code Execution Vulnerability in Cursor Code Editor by Cursor
CVE-2025-54136

7.2HIGH

Key Information:

Vendor

Cursor

Status
Cursor
Vendor
CVE Published:
2 August 2025

Badges

🔥 Trending now🥇 Trended No. 1📈 Trended📈 Score: 6,660👾 Exploit Exists📰 News Worthy

What is CVE-2025-54136?

CVE-2025-54136 is a remote code execution vulnerability in the Cursor code editor, a tool designed for programming with artificial intelligence integration. This vulnerability exists in Cursor versions 1.2.4 and below, where attackers can manipulate a trusted configuration file (MCP) within a shared GitHub repository or directly on a target’s local machine. By modifying the MCP, an attacker can execute arbitrary commands on the affected system without raising alarms, particularly after a collaborator mistakenly accepts an altered MCP. The potential for silent code execution poses significant risks to organizations that use the Cursor code editor, as it could lead to unauthorized access, data breaches, or the disruption of services.

Potential impact of CVE-2025-54136

  1. Unauthorized Code Execution: The most significant risk linked to this vulnerability is the ability for attackers to execute arbitrary code remotely on a user's machine. Once the malicious code is executed, it can perform harmful actions, including data theft, system modification, or complete compromise of the affected environment.

  2. Supply Chain Risks: This vulnerability highlights critical supply chain security issues, as manipulation occurs within a trusted shared repository. Attackers leveraging this exploit can compromise the integrity of the development process, potentially leading to widespread distribution of malicious code if left unchecked.

  3. Data Breaches and Loss: With the potential for unauthorized access and execution of commands, sensitive data may be exposed or lost. This impact could lead to regulatory penalties and damage to organizational reputation, making timely remediation essential to protect assets and maintain trust.

Affected Version(s)

cursor < 1.3

News Articles

favicon imageCyber Press

New 'MCPoison' Attack Exploits Cursor IDE Validation to Run Arbitrary System Commands

Security researchers from Check Point have disclosed a critical vulnerability in Cursor IDE that allows attackers to achieve persistent remote code execution through a Model Context Protocol (MCP) trust bypass mechanism. The flaw, designated CVE-2025-54136, exploits the IDE’s one-time approval syste...

2 days ago

favicon imageGBHackers News

MCPoison Attack Abuses Cursor IDE to Run Arbitrary System Commands

Cybersecurity researchers have uncovered a critical vulnerability in Cursor IDE that allows attackers to execute arbitrary system commands through a sophisticated trust bypass mechanism, potentially compromising developer workstations across collaborative coding environments. Check Point Research di...

2 days ago

References

https://github.com/cursor/cursor/security/advisories/GHSA...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by GBHackers News

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • Vulnerability published

.
CVE-2025-54136 : Remote Code Execution Vulnerability in Cursor Code Editor by Cursor