CVE-2025-64106OS Command Injection in Cursor

CWE-78OS Command Injection1 documents1 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 85.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CursorAnysphere Cursor
Timeline
PublishedNov 4

Description

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cursor/cursor< 2.0
NVDanysphere/cursor< 2.0