CNNVD-202508-114 Information

CNNVD ID

CNNVD-202508-114

Related CVE

CVE-2025-54136

• CNNVD Published: 2025-08-02

Description (Chinese)

Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.2.4及之前版本存在操作系统命令注入漏洞，该漏洞源于MCP配置文件可被修改，可能导致远程持久代码执行。

Description (English)

Cursor is an AI code editor at Cursor Open Source. Cursor 1.2.4 and previous versions had a bug in the operating system command, which stemmed from the MCP configuration file that could be modified and could lead to long-range, durable code implementation.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Cursor

Published

2025-08-02

Last Modified

2026-02-24

References

https://github.com/cursor/cursor/security/advisories/GHSA-24mc-g4xr-4395 https://access.redhat.com/security/cve/cve-2025-54136 https://nvd.nist.gov/vuln/detail/CVE-2025-54136

Patch

https://cursor.com/downloads