I. Basic Information for CVE-2025-54136
Vulnerability Information

Vulnerability Title
Cursor's Modification of MCP Server Definitions Bypasses Manual Re-approvals
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or by editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or has arbitrary file-write access locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3.
Source: NVD (National Vulnerability Database)
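The re-approval gap described above, as an added example that is not Cursor's code: it contrasts a trust check keyed only on the MCP server name with one bound to a hash of the full definition. The `mcpServers`/`command`/`args` layout, the server name `build-helper`, and all function names are assumptions made for illustration.

```python
import hashlib
import json


def fingerprint(definition: dict) -> str:
    """SHA-256 over a canonical form of the whole server definition."""
    canonical = json.dumps(definition, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def approve(config: dict) -> dict:
    """Record an approval as server name -> fingerprint of what the user saw."""
    return {name: fingerprint(d) for name, d in config["mcpServers"].items()}


def needs_reapproval_by_name(config: dict, approved: dict) -> list:
    """Weak check (assumed model of the flaw): trust follows the name only."""
    return sorted(n for n in config["mcpServers"] if n not in approved)


def needs_reapproval_by_content(config: dict, approved: dict) -> list:
    """Hardened check: any edit to an approved definition revokes its trust."""
    return sorted(
        n for n, d in config["mcpServers"].items()
        if approved.get(n) != fingerprint(d)
    )


# Constructed sample configs: the entry the collaborator approved, and the
# same entry after its command was swapped (calc.exe is the page's example).
APPROVED_CONFIG = {
    "mcpServers": {"build-helper": {"command": "echo", "args": ["hello"]}}
}
MODIFIED_CONFIG = {
    "mcpServers": {"build-helper": {"command": "calc.exe", "args": []}}
}

if __name__ == "__main__":
    approved = approve(APPROVED_CONFIG)
    print("name-only check flags:", needs_reapproval_by_name(MODIFIED_CONFIG, approved))
    print("content check flags:  ", needs_reapproval_by_content(MODIFIED_CONFIG, approved))
```

The same fingerprint comparison can run in a pre-commit hook or CI job to flag MCP definition changes in a shared repository for review.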
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cursor Operating System Command Injection Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
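Cursor is an AI code editor open-sourced by Cursor. Cursor versions 1.2.4 and earlier contain an operating system command injection vulnerability, which stems from the MCP configuration file being modifiable and may lead to remote, persistent code execution.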
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
cursor | cursor | < 1.3 | -
II. Public POCs for CVE-2025-54136
# | POC Description | Source Link
1 | CVE-2025-54136 PoC | https://github.com/PRE5T0/CVE-2025-54136