CVE-2025-54133OS Command Injection in Cursor

CWE-78OS Command InjectionCWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 81.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Anysphere CursorCursor
Timeline
PublishedAug 2

Description

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious `cursor://anysphere.cursor-deeplink/mcp/install` links, the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious de

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDanysphere/cursor1.1.71.3
CVEListV5cursor/cursor>= 1.17, < 1.3