Lucene search
+L

8 matches found

redhatcve
redhatcve
added 2025/11/05 11:10 p.m.13 views

CVE-2025-64109

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP Model Context Protocol server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

8.8CVSS8.1AI score0.00471EPSS
Exploits0References1
nvd
nvd
added 2025/11/05 12:15 a.m.5 views

CVE-2025-64109

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP Model Context Protocol server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

8.8CVSS0.00471EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/04 11:9 p.m.10 views

CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP Model Context Protocol server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

8.8CVSS0.00471EPSS
Exploits0References1
cve
cve
added 2025/11/04 11:9 p.m.43 views

CVE-2025-64109

Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...

8.8CVSS7.8AI score0.00471EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 5:28 p.m.16 views

EUVD-2025-32310

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files i.e. /.cursor/cli.json allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A...

7.1CVSS7.7AI score0.00381EPSS
Exploits0References1
cve
cve
added 2025/10/03 5:28 p.m.30 views

CVE-2025-61593

CVE-2025-61593 affects Cursor, specifically Cursor CLI Agent in Cursor editor versions ≤ 1.7. The vulnerability stems from inadequate protection of sensitive files (e.g., /.cursor/cli.json ), allowing an attacker to inject prompts that modify these files, which can lead to remote code execution. ...

8.8CVSS7.8AI score0.00381EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/10/03 5:23 p.m.15 views

CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

8.8CVSS0.00421EPSS
Exploits0References1
osv
osv
added 2025/10/03 5:23 p.m.7 views

CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

8.8CVSS7.8AI score0.00421EPSS
Exploits0References3
Rows per page
Query Builder