Cursor: Speedbump Modal Bypass in MCP Server Deep-Link_CVE-2025-64106

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by the attackers deeplink.

AI Analysis

Input validation flaw in Cursor's MCP server installation enables bypass of security warnings and execution of malicious commands

Basic Information

ID CVE-2025-64106

Source GitHub_M

Published Nov 4, 2025 at 22:48

Affected Product

Vendor cursor

Product cursor

Version < 2.0

Affected Versions cursor cursor < 2.0

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Cursor

Product Cursor Code Editor

Version 1.7.28 and below

References

github.com /cursor/cursor/security/advisories/GHSA-4575-fh42-7848

{
    "lastseen": "",
    "description": "Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by the attackers deeplink.",
    "published": "2025-11-04T22:48:14.832Z",
    "modified": "2025-11-04T22:48:14.832Z",
    "type": "cve",
    "title": "Cursor: Speedbump Modal Bypass in MCP Server Deep-Link",
    "source": "GitHub_M",
    "references": "https://github.com/cursor/cursor/security/advisories/GHSA-4575-fh42-7848",
    "id": "CVE-2025-64106",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "cursor cursor < 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cursor",
    "version": "< 2.0",
    "vendor": "cursor",
    "ai_description": "Input validation flaw in Cursor's MCP server installation enables bypass of security warnings and execution of malicious commands",
    "ai_severity": "High",
    "ai_vendor": "Cursor",
    "ai_product": "Cursor Code Editor",
    "ai_version": "1.7.28 and below",
    "ai_score": 8.8
}