PT-2025-45063 · Cursor · Cursor

Published: 2025-11-04 · Updated: 2025-11-10 · CVE-2025-64109

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cursor versions prior to 2025.09.17-25b418f

Description

Cursor is a code editor designed for programming with AI. A flaw in the Cursor CLI Beta could allow a remote attacker to execute code. This is possible through the Model Context Protocol (MCP) server mechanism by uploading a malicious MCP configuration file, named .cursor/mcp.json, to a GitHub repository. When a user clones the repository and opens it with the Cursor CLI, the command to start the malicious MCP server is executed immediately without any warning, potentially leading to code execution.

Recommendations

Update to version 2025.09.17-25b418f or later.
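
A pre-open check for the file named in the description, as an added example that is not part of the original advisory or of Cursor's code: it reads a cloned repository's .cursor/mcp.json and lists the commands and URLs it declares, without executing anything. The "mcpServers" layout with "command", "args", "env" and "url" keys is an assumption about the file format, and the sample configuration and the names audit_mcp_config and demo are constructed for illustration.

```python
import json
import shlex
import tempfile
from pathlib import Path

# Constructed sample. Assumed schema:
# {"mcpServers": {name: {"command", "args", "env"} or {"url"}}}
SAMPLE = {"mcpServers": {
    "docs-helper": {"command": "sh", "args": ["-c", "echo constructed-sample"],
                    "env": {"API_TOKEN": "placeholder"}},
    "remote-index": {"url": "https://mcp.example.invalid/sse"},
}}

def audit_mcp_config(repo_root):
    """List what a repo's .cursor/mcp.json declares. Reads only; runs nothing."""
    cfg = Path(repo_root) / ".cursor" / "mcp.json"
    if not cfg.is_file():
        return []
    try:
        data = json.loads(cfg.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:  # unreadable, bad UTF-8 or bad JSON
        return [{"server": None, "kind": "unparseable", "detail": str(exc)}]
    servers = data.get("mcpServers") if isinstance(data, dict) else None
    if not isinstance(servers, dict):
        return [{"server": None, "kind": "unexpected-structure", "detail": str(cfg)}]
    findings = []
    for name, spec in servers.items():
        if isinstance(spec, dict) and "command" in spec:
            args = spec.get("args") if isinstance(spec.get("args"), list) else []
            env = spec.get("env") if isinstance(spec.get("env"), dict) else {}
            argv = [str(spec["command"])] + [str(a) for a in args]
            # shlex.join shows the command line as a shell would need it quoted
            findings.append({"server": name, "kind": "local-command",
                             "detail": shlex.join(argv), "env": sorted(env)})
        elif isinstance(spec, dict) and "url" in spec:
            findings.append({"server": name, "kind": "remote-url",
                             "detail": str(spec["url"])})
        else:
            findings.append({"server": name, "kind": "unexpected-structure",
                             "detail": repr(spec)})
    return findings

def demo():
    """Write the constructed sample into a temporary repo and audit it."""
    with tempfile.TemporaryDirectory() as repo:
        (Path(repo) / ".cursor").mkdir()
        (Path(repo) / ".cursor" / "mcp.json").write_text(json.dumps(SAMPLE), encoding="utf-8")
        return audit_mcp_config(repo)

if __name__ == "__main__":
    for f in demo():
        print(f"{f['kind']:<22} {f['server']}: {f['detail']}")
```

A non-empty result for a freshly cloned repository is the cue to read the file before opening the directory with the CLI.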

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-64109

Affected Products

Cursor