Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

AI-Powered Code Editor Cursor IDE Vulnerability Enables Remote Code Without User Interaction

Posted on August 4, 2025August 4, 2025 By CWS

A extreme vulnerability within the well-liked AI-powered code editor Cursor IDE, dubbed “CurXecute,” permits attackers to execute arbitrary code on builders’ machines with none person interplay. 

The vulnerability, tracked as CVE-2025-54135 with a excessive severity rating of 8.6, impacts all Cursor IDE variations previous to 1.3 and has been efficiently patched following accountable disclosure.

Key Takeaways1.”CurXecute” in Cursor IDE permits distant code execution with out person interplay.2. Malicious prompts through exterior companies exploit MCP auto-start to execute arbitrary instructions.3. Replace instantly and assessment MCP.

The flaw exploits Cursor’s Mannequin Context Protocol (MCP) auto-start performance, which robotically executes new entries added to the ~/.cursor/mcp.json configuration file. 

This mechanism, mixed with the IDE’s recommended edits function, creates a harmful assault vector the place malicious prompts can set off distant code execution earlier than customers have any alternative to assessment or approve the modifications.

AI-Powered Code Editor Cursor IDE Vulnerability

The vulnerability operates by means of a classy immediate injection assault that leverages Cursor’s integration with exterior MCP servers. 

When builders join Cursor to third-party companies like Slack, GitHub, or databases by means of MCP, the IDE turns into uncovered to untrusted exterior information that may manipulate the agent’s management move.

The assault sequence begins when an attacker posts a crafted message in a public channel accessible by means of an MCP server. When a sufferer queries Cursor to summarize messages utilizing the related service, the malicious payload convinces the AI agent to change the mcp.json file. 

A typical injection would possibly embrace code comparable to:

The essential flaw lies in Cursor’s habits of writing recommended edits on to disk, triggering computerized command execution by means of the MCP auto-start function even earlier than customers can settle for or reject the suggestion. 

This allows attackers to execute instructions like contact ~/mcp_rce with developer-level privileges, probably resulting in information theft, ransomware deployment, or full system compromise.

Danger FactorsDetailsAffected ProductsCursor IDE (all variations previous to 1.3)ImpactRemote Code Execution (RCE)Exploit Stipulations– Goal system operating susceptible Cursor IDE model– MCP server configured with exterior information entry– Attacker potential to inject malicious content material into exterior information supply– Consumer interplay with AI agent to course of exterior dataCVSS 3.1 Score8.6 (Excessive)

Repair Out there

This vulnerability highlights a basic safety problem inherent in AI-powered growth instruments that bridge exterior and native computing environments. 

As Purpose Labs famous of their evaluation, any third-party MCP server processing exterior content material turns into a possible assault floor, together with difficulty trackers, buyer help programs, and engines like google.

Cursor has responded promptly to the disclosure, releasing model 1.3 with applicable fixes. 

Builders are strongly suggested to replace instantly and assessment their MCP server configurations to attenuate publicity to untrusted exterior information sources.

The invention builds upon earlier analysis by researchers, together with their June disclosure of “EchoLeak,” which demonstrated comparable immediate injection vulnerabilities in Microsoft 365 Copilot. 

These incidents underscore the rising want for sturdy runtime guardrails in AI agent architectures, as conventional safety fashions might show inadequate when exterior context can immediately affect agent habits and privilege utilization.

Combine ANY.RUN TI Lookup along with your SIEM or SOAR To Analyses Superior Threats -> Strive 50 Free Trial Searches

Cyber Security News Tags:AIPowered, Code, CursorIDE, Editor, Enables, Interaction, Remote, Vulnerability, WithoutUser

Post navigation

Previous Post: NestJS Framework Vulnerability Execute Arbitrary Code in Developers Machine
Next Post: The Wild West of Shadow IT

Related Posts

Surveillance Company Using SS7 Bypass Attack to Track the User’s Location Information Cyber Security News
The Future of Cybersecurity – Trends Shaping the Industry Cyber Security News
Android Packer Ducex Employs Serious Obfuscation Techniques and Detects Analysis Tools Presence Cyber Security News
Microsoft Patched Windows Server 2025 Restart Bug Disconnects AD Domain Controller Cyber Security News
Strengthening Security Measures In Digital Advertising Platforms Cyber Security News
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • US Announces $100 Million for State, Local and Tribal Cybersecurity
  • AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points
  • New Malware Attack Weaponizing LNK Files to Install The REMCOS Backdoor on Windows Machines
  • Threat Actors Exploitation Attempts Spikes as an Early Indicator of New Cyber Vulnerabilities
  • VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • US Announces $100 Million for State, Local and Tribal Cybersecurity
  • AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points
  • New Malware Attack Weaponizing LNK Files to Install The REMCOS Backdoor on Windows Machines
  • Threat Actors Exploitation Attempts Spikes as an Early Indicator of New Cyber Vulnerabilities
  • VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News