CVE-2025-54136OS Command Injection in Cursor

CWE-78OS Command Injection9 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 51.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CursorAnysphere Cursor
Timeline
PublishedAug 2
Latest updateNov 21

Description

Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's ac

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cursor/cursor< 1.3
NVDanysphere/cursor< 1.3

🕵️Threat Intelligence

8
Tenable
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework2025-11-21
Tenable
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks2025-11-14
Tenable
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&amp;CK Framework2025-11-07
Tenable
7 Questions EDR Providers Hope You Won’t Ask About Their “Exposure Management” Solution2025-11-05
Tenable
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems2025-10-24