Vulnerability Details CVE-2025-54136
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2025-54136
-
cpe:2.3:a:anysphere:cursor:0.50
-
cpe:2.3:a:anysphere:cursor:0.50.1
-
cpe:2.3:a:anysphere:cursor:0.50.2
-
cpe:2.3:a:anysphere:cursor:0.50.3
-
cpe:2.3:a:anysphere:cursor:0.50.4
-
cpe:2.3:a:anysphere:cursor:0.50.5
-
cpe:2.3:a:anysphere:cursor:0.50.6
-
cpe:2.3:a:anysphere:cursor:0.50.7
-
cpe:2.3:a:anysphere:cursor:1.0
-
cpe:2.3:a:anysphere:cursor:1.0.1
-
cpe:2.3:a:anysphere:cursor:1.1
-
cpe:2.3:a:anysphere:cursor:1.1.1
-
cpe:2.3:a:anysphere:cursor:1.1.2
-
cpe:2.3:a:anysphere:cursor:1.1.3
-
cpe:2.3:a:anysphere:cursor:1.1.4
-
cpe:2.3:a:anysphere:cursor:1.1.5
-
cpe:2.3:a:anysphere:cursor:1.1.6
-
cpe:2.3:a:anysphere:cursor:1.1.7
-
cpe:2.3:a:anysphere:cursor:1.2
-
cpe:2.3:a:anysphere:cursor:1.2.1
-
cpe:2.3:a:anysphere:cursor:1.2.2
-
cpe:2.3:a:anysphere:cursor:1.2.4