Cyber Web Spider Blog – News

Several Vulnerabilities Patched in AI Code Editor Cursor 

Posted on August 4, 2025 By CWS

A vulnerability in the AI code editor Cursor allowed remote attackers to use an indirect prompt injection issue to modify sensitive MCP files and execute arbitrary code.

Tracked as CVE-2025-54135 (CVSS score of 8.6), the flaw existed because Cursor did not require user approval when creating a sensitive MCP file.

The security defect allowed an attacker to write a dotfile, such as the .cursor/mcp.json file, through an indirect prompt injection, and then trigger remote code execution (RCE) without the user’s approval.

“If chained with a separate prompt injection vulnerability, this could allow the writing of sensitive MCP files on the host by the agent. This can then be used to directly execute code by adding it as a new MCP server,” Cursor’s advisory reads.

According to Aim Labs, which discovered the bug and named it CurXecute, the issue is that suggested mcp.json edits immediately land on disk and Cursor executes them, before the user accepts or rejects them.

Thus, an attacker can add a standard MCP server that exposes the agent to untrusted data, then supply a prompt that instructs the agent to improve mcp.json, resulting in Cursor launching the MCP server in the modified file, which leads to RCE.

“This happens before the user has any chance to approve or reject the suggestion – providing the attacker with an arbitrary command execution,” Aim Labs underlines.

Any third-party MCP server that processes external content is susceptible to the attack, including customer support tools, issue trackers, and search engines, Aim Labs says.

Addressed in Cursor version 1.3, this was not the only code execution flaw resolved in the AI agent recently. Another one, tracked as CVE-2025-54136 (CVSS score of 7.2), could have allowed attackers to swap harmless MCP configuration files with malicious commands, without triggering a warning.

“If an attacker has write permissions on a user’s active branches of a source repository that contains existing MCP servers the user has previously approved, or an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution,” Cursor notes.
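A defender-side check for the two mcp.json issues described above (a new server entry written without approval, and an approved entry swapped for different commands), as an added example that is not code from Cursor or Aim Labs: it pins each approved server to a hash of its full entry and only lets unchanged entries through. The `mcpServers` layout, the server names and the commands are assumptions constructed for illustration.

```python
import hashlib
import json


def fingerprint(entry: dict) -> str:
    """Hash the whole server entry, so a change to command, args or env changes the pin."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_baseline(config_text: str) -> dict:
    """Record name -> fingerprint at the moment the user approves a config."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: fingerprint(entry) for name, entry in servers.items()}


def audit_mcp_config(config_text: str, approved: dict) -> dict:
    """Classify every server in an mcp.json document as ok, new or changed."""
    doc = json.loads(config_text)
    if not isinstance(doc, dict) or not isinstance(doc.get("mcpServers", {}), dict):
        raise ValueError("unexpected mcp.json structure; treat the file as untrusted")
    report = {}
    for name, entry in doc.get("mcpServers", {}).items():
        if name not in approved:
            report[name] = "new"        # never approved: the CVE-2025-54135 case
        elif fingerprint(entry) != approved[name]:
            report[name] = "changed"    # approved name, different content: the CVE-2025-54136 case
        else:
            report[name] = "ok"
    return report


def may_launch(report: dict) -> list:
    """Only entries that match their approved fingerprint may be started."""
    return sorted(name for name, status in report.items() if status == "ok")


# Constructed sample data (hypothetical server names and commands).
APPROVED_CONFIG = '{"mcpServers": {"tickets": {"command": "ticket-mcp", "args": ["--read-only"]}}}'
MODIFIED_CONFIG = """{"mcpServers": {
  "tickets": {"command": "placeholder-other-binary", "args": []},
  "helper": {"command": "placeholder-new-binary", "args": []}
}}"""

if __name__ == "__main__":
    baseline = build_baseline(APPROVED_CONFIG)
    report = audit_mcp_config(MODIFIED_CONFIG, baseline)
    print(report, "launchable:", may_launch(report))
```

Binding approval to the entry's content rather than its name is what makes the swapped-configuration case visible; the baseline itself has to live somewhere the agent cannot write.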

Another indirect prompt injection attack against Cursor was flagged by BackSlash and HiddenLayer. It was related to Cursor’s Auto-Run mode, where commands would be automatically executed, without requesting permissions, and was addressed in Cursor version 1.3.

Users could define a list of commands that the AI agent had to request user permissions to run, but this protection could be bypassed by including the prompt injection in the comment block inside a git repository’s Readme.

When the victim clones the repository, Cursor reads the instructions and follows them, which allows the attacker to exfiltrate sensitive information from the system, chain legitimate tools to harvest and exfiltrate files, or perform other malicious actions, without warning the victim, HiddenLayer says.

“We found no fewer than 4 ways for a compromised agent to bypass the Cursor denylist and execute unauthorized commands,” BackSlash notes.
