Local Code Execution Vulnerability in Cursor for macOS
CVE-2025-9190

4.8MEDIUM

Key Information:

Vendor

Cursor

Status
Cursor
Vendor
CVE Published:
26 August 2025

What is CVE-2025-9190?

A configuration issue in Cursor on macOS, specifically involving the 'RunAsNode' fuse, allows local attackers with unprivileged access to execute arbitrary code inheriting Cursor's Transparency, Consent, and Control (TCC) permissions. While the affected access is limited to permissions already granted by the user, an attacker may leverage this to prompt the user for additional resource access under the guise of Cursor, potentially masking malicious intent. Notably, the maintainers have opted not to address this issue due to it falling outside their defined threat model.

Affected Version(s)

Cursor MacOS 15.4.1

References

https://afine.com/threat-of-tcc-bypasses-on-macos/#cookin...
technical-description
https://github.com/cursor/cursor
product
https://cert.pl/posts/2025/08/tcc-bypass/
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Mazurek - AFINE Team
.
CVE-2025-9190 : Local Code Execution Vulnerability in Cursor for macOS