Vulnerability Details CVE-2025-54133
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious `cursor://anysphere.cursor-deeplink/mcp/install` links, the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious deeplink, then examines the installation dialog and clicks through, the full command including the arguments will be executed on the machine. This is fixed in version 1.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 9.6
Products affected by CVE-2025-54133
-
cpe:2.3:a:anysphere:cursor:1.1.7
-
cpe:2.3:a:anysphere:cursor:1.2
-
cpe:2.3:a:anysphere:cursor:1.2.1
-
cpe:2.3:a:anysphere:cursor:1.2.2
-
cpe:2.3:a:anysphere:cursor:1.2.4