CVE-2025-54131: Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in a
mediumvulnerability
security
Summary
Cursor is a code editor designed for programming with AI that has a vulnerability in versions below 1.3. If a user changes Cursor's default settings to use an allowlist (a list of approved commands), an attacker can bypass this protection by using backticks (`) or $(cmd) syntax to run arbitrary commands (unrestricted code execution) without permission, especially when combined with indirect prompt injection (tricking the AI through hidden instructions in input).
Solution / Mitigation
This is fixed in version 1.3.
Vulnerability Details
CVSS Score
6.4(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Prompt Injection
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54131
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 85%