CVE-2025-54133 Information
Description
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2 there is a UI information disclosure vulnerability in Cursor’s MCP (Model Context Protocol) deeplink handler allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious cursor://anysphere.cursor-deeplink/mcp/install links the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious deeplink then examines the installation dialog and clicks through the full command including the arguments will be executed on the machine. This is fixed in version 1.3.
Reference
https://github.com/cursor/cursor/security/advisories/GHSA-r22h-5wp2-2wfv
Related CNNVD
CNNVD-202508-113 (Published: 2025-08-02)
Share on: