PT-2025-31702 · Cursor · Cursor

Chaandrey · Published 2025-07-29 · Updated 2026-05-24 · CVE-2025-54136

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cursor versions 1.2.4 and earlier
Description: Cursor is a code editor designed for AI-assisted programming. A flaw dubbed MCPoison (CVE-2025-54136) allows an attacker to achieve remote and persistent code execution by modifying a trusted MCP (Model Context Protocol) configuration file, either within a shared GitHub repository or directly on the target machine. Once a user has approved a harmless MCP server, the attacker can silently replace its command with a malicious one, such as calc.exe, without any warning or prompt. An attacker who gains write access to a user's active branches in a source repository that contains existing MCP servers, or who obtains arbitrary file-write access locally, can therefore execute arbitrary code. The root cause is that an approved MCP server is trusted unconditionally: the editor does not re-validate the configuration when its contents change, so modifying a previously trusted configuration file compromises the user silently.
Recommendations: Update to version 1.3 or later to address this vulnerability.
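The fix described above amounts to binding the user's approval to the exact server definition rather than to its name. The following added example (not Cursor's code; the `mcpServers`/`command`/`args` JSON layout and the server names are assumptions) contrasts a name-only approval check, which lets an edited command through silently, with a content-hash check that flags the edited server for re-approval.

```python
# Added illustration, not Cursor's code. Assumes an MCP config JSON shaped like
# {"mcpServers": {"<name>": {"command": ..., "args": [...]}}} (layout is an assumption).
# Models the fix: approval is bound to a hash of each server's exact definition.
import hashlib
import json


def server_fingerprint(definition: dict) -> str:
    """Canonical SHA-256 over the server entry (command, args, env, ...)."""
    canon = json.dumps(definition, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def approve_all(config_text: str) -> dict:
    """Simulate the user approving every server in the config as it stands now."""
    servers = json.loads(config_text)["mcpServers"]
    return {name: server_fingerprint(d) for name, d in servers.items()}


def audit_by_name_only(config_text: str, approvals: dict) -> dict:
    """Pre-fix behaviour modelled: approval keyed by server name alone."""
    servers = json.loads(config_text)["mcpServers"]
    return {n: ("approved" if n in approvals else "new") for n in servers}


def audit(config_text: str, approvals: dict) -> dict:
    """Fixed behaviour: 'approved', 'changed' (re-prompt) or 'new' per server."""
    servers = json.loads(config_text)["mcpServers"]
    verdict = {}
    for name, definition in servers.items():
        if name not in approvals:
            verdict[name] = "new"
        elif approvals[name] != server_fingerprint(definition):
            verdict[name] = "changed"  # the MCPoison case: same name, new command
        else:
            verdict[name] = "approved"
    return verdict


# Constructed sample: a benign server that the user approved ...
ORIGINAL = json.dumps({"mcpServers": {"docs": {"command": "npx", "args": ["docs-server"]}}})
# ... later rewritten in place by someone with write access to the branch.
TAMPERED = json.dumps({"mcpServers": {"docs": {"command": "calc.exe", "args": []}}})

if __name__ == "__main__":
    approved = approve_all(ORIGINAL)
    print(audit_by_name_only(TAMPERED, approved))  # {'docs': 'approved'}  (silent)
    print(audit(TAMPERED, approved))               # {'docs': 'changed'}
```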

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-09448
CVE-2025-54136
GHSA-24MC-G4XR-4395

Affected Products

Cursor