5 matches found
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence AI-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 CVSS score: 7.2, has been codenamed MCPoison by Check Point Research, owing ...
CVE-2025-54136
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
CVE-2025-54136 Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
CVE-2025-54136 Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
CVE-2025-54136
Cursor is an AI code editor where CVE-2025-54136 affects versions