CVE-2025-54131
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anysphere | cursor | to 1.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Cursor versions below 1.3, where an attacker can bypass the allow list in auto-run mode by using a backtick (`) or $(cmd). If a user has changed Cursor's default settings from requiring approval for every terminal call to using an allowlist, the attacker can execute arbitrary commands outside of the allowlist without user approval. This can be triggered if combined with indirect prompt injection. The issue is fixed in version 1.3.
How can this vulnerability impact me? :
The vulnerability allows an attacker to execute arbitrary commands on your system without your approval if you have configured Cursor to use an allowlist instead of requiring approval for every terminal call. This could lead to unauthorized actions, potentially compromising the confidentiality, integrity, and availability of your system.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Cursor to version 1.3 or later, as this version fixes the vulnerability. Additionally, avoid using the allowlist mode for auto-run terminal calls or revert to the default settings that require approval for every terminal call to prevent arbitrary command execution.