CVE-2025-54131
published 2025-08-01CVE-2025-54131: Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.45%
36.1th percentile
Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an allowlist, an attacker can execute arbitrary command execution outside of the allowlist without user approval. An attacker can trigger this vulnerability if chained with indirect prompt injection. This is fixed in version 1.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anysphere | cursor | < 1.3 | 1.3 |
| cursor | cursor | < 1.3 | 1.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-08-01
Published