A critical vulnerability in Cursor’s AI code editor allows remote attackers to exploit prompt injection to modify sensitive files and execute arbitrary code. This flaw could enable attackers to chain vulnerabilities for remote code execution, affecting third-party MCP servers and components. #CVE-2025-54135 #CursorAI #PromptInjection #RemoteCodeExecution
Keypoints
- The vulnerability CVE-2025-54135 affects Cursor’s indirect prompt injection, enabling unauthorized code execution.
- Attackers can write to sensitive MCP files like .cursor/mcp.json without user approval, triggering RCE.
- Chained vulnerabilities increase risk, allowing malicious MCP server setups for remote exploitation.
- A second flaw, CVE-2025-54136, allows attackers to swap MCP configuration files with malicious commands.
- Auto-Run mode bypass and prompt injection in repositories can leak data and cause unauthorized command execution.
Read More: https://www.securityweek.com/several-vulnerabilities-patched-in-ai-code-editor-cursor/