CVE-2025-54135: Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in
Summary
Cursor, a code editor designed for AI-assisted programming, has a vulnerability in versions below 1.3.9 where it can write files in a workspace without asking the user for permission. An attacker can exploit this by using prompt injection (tricking the AI by hiding instructions in its input) to create sensitive configuration files like .cursor/mcp.json, potentially gaining RCE (remote code execution, where an attacker can run commands on a system they don't own) on the victim's computer without approval.
Solution / Mitigation
Update Cursor to version 1.3.9 or later, where this vulnerability is fixed.
Vulnerability Details
8.5(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54135
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%