Cursor’s MCP Install Deeplink Does Not Show Arguments in its...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious `cursor://anysphere.cursor-deeplink/mcp/install` links, the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious deeplink, then examines the installation dialog and clicks through, the full command including the arguments will be executed on the machine. This is fixed in version 1.3.

Basic Information

ID CVE-2025-54133

Source GitHub_M

Published Aug 1, 2025 at 23:07

Modified Aug 4, 2025 at 17:17

Affected Product

Vendor cursor

Product cursor

Version >= 1.17, < 1.3

Affected Versions cursor cursor >= 1.17, < 1.3

CWE Classification

CWE-78 CWE-200

References

github.com /cursor/cursor/security/advisories/GHSA-r22h-5wp2-2wfv

{
    "lastseen": "",
    "description": "Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious `cursor://anysphere.cursor-deeplink/mcp/install` links, the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious deeplink, then examines the installation dialog and clicks through, the full command including the arguments will be executed on the machine. This is fixed in version 1.3.",
    "published": "2025-08-01T23:07:00.592Z",
    "modified": "2025-08-04T17:17:06.179Z",
    "type": "cve",
    "title": "Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog",
    "source": "GitHub_M",
    "references": "https://github.com/cursor/cursor/security/advisories/GHSA-r22h-5wp2-2wfv",
    "id": "CVE-2025-54133",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "cursor cursor >= 1.17, < 1.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cursor",
    "version": ">= 1.17, < 1.3",
    "vendor": "cursor",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cursor’s MCP Install Deeplink Does Not Show Arguments in its User-Dialog_CVE-2025-54133