Cursor AI editor RCE via MCPoison trust bypass vulnerability
Aug 2025
CVE-2025-54136 (CVSS 8.8) allowed attackers to achieve persistent remote code execution in the popular AI coding IDE Cursor. Once a developer approved a benign MCP configuration, attackers could silently swap it for malicious commands without triggering re-approval. The flaw exposed developers to supply chain attacks and IP theft through shared GitHub repositories.
Incident Details
Perpetrator: AI coding IDE
Severity: Catastrophic
Blast Radius: Developers using Cursor 1.2.4 and below exposed to persistent RCE and supply chain attacks via shared repositories
Tech Stack
Cursor AI IDE
Model Context Protocol (MCP)
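
The summary above describes an approval that survives a later change to the configuration. The sketch below is an added example, not Cursor's code or its fix: it binds an approval to a hash of the reviewed content so that any edit forces re-approval. The entry shape (`command`, `args`, `env`), the server name `build-helper`, the name-keyed weak model and both sample entries are constructed assumptions.

```python
import hashlib
import json

def fingerprint(entry: dict) -> str:
    """Hash every field that decides what gets executed, in canonical form."""
    material = {k: entry.get(k) for k in ("command", "args", "env")}
    blob = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

class ApprovalStore:
    """Records approvals as name -> content fingerprint, not name alone."""
    def __init__(self):
        self._approved = {}

    def approve(self, name: str, entry: dict) -> None:
        self._approved[name] = fingerprint(entry)

    def may_run(self, name: str, entry: dict) -> bool:
        # Allowed only if the current content matches what was reviewed.
        return self._approved.get(name) == fingerprint(entry)

def name_only_may_run(approved_names: set, name: str, entry: dict) -> bool:
    """Assumed weak model for contrast: approval is never re-checked against content."""
    return name in approved_names

# Constructed sample entries (assumed shape, harmless commands).
REVIEWED = {"command": "echo", "args": ["hello"]}
SWAPPED = {"command": "echo", "args": ["content changed after approval"]}

def demo() -> dict:
    store = ApprovalStore()
    store.approve("build-helper", REVIEWED)
    names = {"build-helper"}
    return {
        "name_only_after_swap": name_only_may_run(names, "build-helper", SWAPPED),
        "pinned_unchanged": store.may_run("build-helper", REVIEWED),
        "pinned_after_swap": store.may_run("build-helper", SWAPPED),
        "pinned_unknown_name": store.may_run("other", REVIEWED),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {allowed}")
```

The same fingerprint comparison can run in CI or a pre-commit hook to flag pull requests that modify an already-reviewed MCP entry.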