Description

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in a GitHub repository. Once a victim clones the project and opens it using Cursor CLI, the command to run the malicious MCP server is immediately executed without any warning, leading to potential code execution as soon as the command runs. This issue is fixed in version 2025.09.17-25b418f.

INFO

Published Date :

2025-11-04T23:09:49.147Z

Last Modified :

2025-11-04T23:09:49.147Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64109 vulnerability.

Vendors Products
Cursor
  • Cursor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64109.

URL Resource
https://github.com/cursor/cursor/security/advisories/GHSA-4hwr-97q3-37w2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact