Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
05 August 2025
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution.
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model