CVE-2025-54133
BaseFortify
Publication date: 2025-08-02
Last updated on: 2025-08-25
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anysphere | cursor | From 1.1.7 (inc) to 1.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
| NVD-CWE-noinfo | NVD placeholder: insufficient information to assign a specific CWE. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a UI information disclosure issue in Cursor's MCP deeplink handler. An attacker can lure a user into clicking a crafted cursor:// deeplink that opens an MCP installation dialog without displaying the full command arguments. If the user confirms, the hidden arguments are executed as a system command on their machine. The attack requires only two clicks and relies on social engineering rather than a technical bypass.
How can this vulnerability impact me?
The vulnerability can lead to arbitrary system command execution on your machine if you click a malicious deeplink and confirm the installation dialog. This could allow attackers to run harmful commands, potentially compromising your system's security and integrity.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Cursor to version 1.3 or later, as this version fixes the UI information disclosure vulnerability in the MCP deeplink handler. Additionally, educate users to avoid clicking on suspicious or untrusted cursor:// deeplink URLs to prevent social engineering attacks.