CVE-2025-54136

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/cursor/cursor/security/advisories/GHSA-24mc-g4xr-4395", "name": "https://github.com/cursor/cursor/security/advisories/GHSA-24mc-g4xr-4395", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-54136", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-08-02T00:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-02T00:15Z"}