PT-2025-31701 · Cursor · Cursor

Qerogram · Published 2025-08-01 · Updated 2025-08-02 · CVE-2025-54133

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cursor versions 1.17 through 1.2

Description

Cursor is a code editor built for programming with AI. A UI information disclosure exists in Cursor's MCP (Model Context Protocol) deeplink handler, enabling attackers to execute arbitrary system commands through social engineering attacks. Clicking malicious cursor://anysphere.cursor-deeplink/mcp/install links does not display the command arguments in the installation dialog. If a user clicks a malicious deeplink and proceeds with the installation, the full command, including arguments, will be executed on the machine.

Recommendations

Update to version 1.3.
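For reviewing such a link before anyone clicks it, the following added example (not Cursor's code and not part of the original advisory) decodes an install deeplink and returns the complete command with every argument, which is the information the affected dialog omitted. It assumes the link carries a base64-encoded JSON `config` query parameter with `command` and `args` fields; that layout is not stated on this page, and the sample link is constructed.

```python
import base64
import json
import shlex
from urllib.parse import parse_qs, urlsplit

INSTALL_HOST = "anysphere.cursor-deeplink"   # from the advisory text
INSTALL_PATH = "/mcp/install"                # from the advisory text


def full_command(link):
    """Return the complete argv an MCP install deeplink asks to run."""
    u = urlsplit(link)
    if u.scheme != "cursor" or u.netloc != INSTALL_HOST or u.path != INSTALL_PATH:
        raise ValueError("not an MCP install deeplink")
    try:
        raw = parse_qs(u.query)["config"][0]   # assumed parameter name
        # parse_qs turns '+' into a space; also accept the URL-safe alphabet.
        raw = raw.replace(" ", "+").replace("-", "+").replace("_", "/")
        cfg = json.loads(base64.b64decode(raw + "=" * (-len(raw) % 4)))
    except (KeyError, ValueError) as exc:
        raise ValueError("missing or undecodable config") from exc
    if not isinstance(cfg, dict) or not isinstance(cfg.get("command"), str):
        raise ValueError("config has no command string")
    args = cfg.get("args", [])                 # assumed field name
    if not isinstance(args, list):
        raise ValueError("args is not a list")
    # The command string may itself contain arguments, so split it too.
    return shlex.split(cfg["command"]) + [str(a) for a in args]


def review_line(link):
    """Shell-quoted single line for a reviewer: command AND arguments."""
    return shlex.join(full_command(link))


def sample_link():
    """Constructed, benign sample link used to exercise the decoder."""
    cfg = {"command": "npx", "args": ["-y", "example-mcp-server", "--port", "8080"]}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return f"cursor://{INSTALL_HOST}{INSTALL_PATH}?name=example&config={blob}"


if __name__ == "__main__":
    print(review_line(sample_link()))
```

A mail or chat gateway can apply the same decoding to flag links whose arguments go beyond what the named server needs.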

Exploit

Fix

OS Command Injection

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-54133
GHSA-R22H-5WP2-2WFV

Affected Products

Cursor