Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
Published: 2025-08-05
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2025-54135 here:
Use Tor Browser to access .onion links.
Check our team here:
https://wednesfieldacademy.com/exploit-57-cve-2012-1856/
https://wednesfieldacademy.com/exploit-302-cve-2025-62229/
