Primary

Context

Cursor CLI Beta Remote Code Execution Vulnerability via Malicious MCP Configuration

Vulnerability

A remote code execution vulnerability has been identified in the Cursor CLI Beta, affecting versions prior to 2025.09.17-25b418f. The issue arises from the MCP (Model Context Protocol) server mechanism, which can be exploited by uploading a harmful MCP configuration file, named .cursor/mcp.json, to a GitHub repository. When a victim clones the repository and opens it with Cursor CLI, the application automatically executes the command to launch the malicious MCP server, without any warning. This allows for immediate code execution as soon as the command is run.

Impact

Exploitation of this vulnerability allows for remote code execution on the victim's machine.

Remediation

Users can update to Cursor CLI version 2025.09.17-25b418f or later. After this update, MCP servers will prompt for confirmation before being enabled.

Added: Nov 5, 2025, 12:17 AM

Updated: Nov 5, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cursor CLI Beta Remote Code Execution Vulnerability via Malicious MCP Configuration

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating