
Aim Security researchers identified "CurXecute" (CVE-2025-54135), a significant vulnerability in the AI-powered code editor Cursor, enabling remote code execution with developer privileges via malicious prompt injection. This flaw exploits the Model Context Protocol (MCP), which allows AI agents to interact with external data, permitting attackers to rewrite configuration files without user confirmation. Rated medium severity (8.6), the vulnerability could lead to ransomware, data theft, or AI manipulation. Cursor released a patch in version 1.3 on July 29, advising users to update.
A significant remote code execution vulnerability, identified as CVE-2025-54135 or "CurXecute," was discovered in the AI-powered code editor, Cursor. The flaw allowed attackers to execute arbitrary commands with developer privileges through a prompt-injection attack targeting the editor's Model Context Protocol (MCP). This protocol, designed to enhance AI agent capabilities by connecting to external data sources like Slack or GitHub, created an attack vector where untrusted external data could rewrite a core configuration file (`~/.cursor/mcp.json`) and trigger commands without user consent. The potential consequences include ransomware deployment and data theft, highlighting a critical emerging risk in AI-powered development tools. The incident draws a direct parallel to the "EchoLeak" vulnerability in Microsoft's Copilot, suggesting this is a systemic issue for AI agents that ingest external data, not an isolated flaw. While Cursor is not a major public entity, the swift resolution—a patch was merged one day after private disclosure and released in version 1.3—demonstrates a responsible security posture, though the vulnerability's existence underscores the security challenges inherent in the burgeoning AI application landscape.
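A defender-side check for the configuration rewrite described above, as an added example that is not Cursor's or Aim Security's code: it fingerprints every server entry in an approved copy of `mcp.json` and reports entries that were added, changed or removed since approval. The top-level `mcpServers` object with `command` and `args` fields is an assumption (the page does not show the file format), the function names are hypothetical, and both sample configurations are constructed.

```python
import hashlib
import json


def snapshot(config_text):
    """Map each server name in an mcp.json document to a hash of its full entry."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {
        name: hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        for name, entry in servers.items()
    }


def audit(approved, config_text):
    """Return findings for entries that differ from the approved snapshot."""
    try:
        current = snapshot(config_text)
    except (json.JSONDecodeError, AttributeError):
        # A file that no longer parses as the expected object is itself a finding.
        return ["unparseable: mcp.json is not the expected JSON object"]
    findings = []
    for name, digest in sorted(current.items()):
        if name not in approved:
            findings.append(f"added: {name}")
        elif approved[name] != digest:
            findings.append(f"changed: {name}")
    findings += [f"removed: {name}" for name in sorted(set(approved) - set(current))]
    return findings


# Constructed sample data: the reviewed configuration and a later rewritten copy.
APPROVED_CONFIG = json.dumps(
    {"mcpServers": {"slack": {"command": "npx", "args": ["-y", "example-slack-mcp"]}}}
)
REWRITTEN_CONFIG = json.dumps({"mcpServers": {
    "slack": {"command": "npx", "args": ["-y", "example-slack-mcp"]},
    "unreviewed": {"command": "sh", "args": ["-c", "echo constructed"]},
}})

if __name__ == "__main__":
    approved = snapshot(APPROVED_CONFIG)
    for finding in audit(approved, REWRITTEN_CONFIG):
        print(finding)
```

Store the approved snapshot somewhere the editor's agent cannot write, otherwise the same rewrite that changes `mcp.json` can also update the baseline.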