CVE-2025-64109 (CVSS 8.8 HIGH, EPSS percentile 29.5%)


Description

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by placing a malicious MCP configuration in the .cursor/mcp.json file of a GitHub repository. Once a victim clones the project and opens it with Cursor CLI, the command that launches the malicious MCP server is executed immediately and without any warning, so arbitrary code runs on the victim's machine as soon as the project is opened. This issue is fixed in version 2025.09.17-25b418f.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.38% probability of exploitation · percentile 29.5% · 2026-06-18T12:00:27Z
Published: 2025-11-05
Last modified: 2026-04-15

Underlying weaknesses (1)

CWE-78

References

  1. https://github.com/cursor/cursor/security/advisories/GHSA-4hwr-97q3-37w2


Type: Weakness
Target: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), cwe-78
Confidence: 0%
Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-54136
CVE-2025-61592
CVE-2025-61591
CVE-2025-64106
CVE-2025-54133
CVE-2025-59944
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.