A severe security vulnerability in Cursor, an AI code editor, has been patched, which could allow remote attackers to execute malicious code via the MCP server. The flaw, related to automatic execution of untrusted external data, highlights the risks of prompt injection in AI tools with external integrations. #Cursor #MCPServer
Keypoints
- The vulnerability CVE-2025-54135 affected Cursor version 1.2 and was addressed in version 1.3.
- The flaw allowed attackers to execute remote code through poisoned MCP server configurations, such as Slack integrations.
- The auto-run mode of MCP configuration can lead to silent execution of malicious commands injected via third-party messages.
- Cursorβs previous denylist protections were insufficient and have been replaced with an allowlist in the new version.
- Additional vulnerabilities involved prompt injection via GitHub README.md files and exfiltration of sensitive data like SSH keys.
Read More: https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html