{"data":{"id":"29536bb7-8386-46b1-be4a-6e98a9ecfa5d","title":"CVE-2025-61591: Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication wit","summary":"Cursor is a code editor that lets programmers work with AI assistance. In versions 1.7 and below, when using MCP (a system for connecting external tools to AI) with OAuth authentication (a login method), an attacker can trick Cursor into running malicious commands by pretending to be a trusted service, potentially giving them full control of the user's computer.","solution":"A patch is available at version 2025.09.17-25b418f. Users should update to this patched version to fix the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-61591","publishedAt":"2025-10-03T17:15:47.853Z","cveId":"CVE-2025-61591","cweIds":["CWE-78"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00092,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}