CVE-2025-54135CRITICAL 9.8EPSS p74.5%
CVE-2025-54135CVE-2025-54135
Description
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
Scoring
| CVSS 3.1 | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 1.72% probability of exploitation · percentile 74.5% · 2026-06-18T12:00:27Z |
| Published | 2025-08-05 |
| Last modified | 2025-08-25 |
Underlying weaknesses· 2
References
2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-78 | 0% | live |
| Weakness | Inclusion of Functionality from Untrusted Control Spherecwe-829 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.