A critical security flaw in the AI-powered code editor Cursor, identified as CVE-2025-54136 and dubbed MCPoison, allows remote code execution by exploiting trusted MCP configuration files. The vulnerability emphasizes the increasing risks associated with AI integrations and highlights the importance of prompt security updates. #CVE202554136 #CursorAI #MCPoison
Keypoints
- A security flaw in Cursor enables remote code execution through manipulation of MCP configurations.
- The vulnerability allows malicious code to run silently after trusted configurations are replaced.
- Cursor addressed the flaw in version 1.3 by requiring re-approval on configuration changes.
- The flaw exposes broader risks in AI development environments, including supply chain threats and data theft.
- Recent tests show nearly half of AI-generated code integrates security vulnerabilities, increasing attack surfaces.
Read More: https://thehackernews.com/2025/08/cursor-ai-code-editor-vulnerability.html