{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T15:40:27.263","vulnerabilities":[{"cve":{"id":"CVE-2025-54135","sourceIdentifier":"security-advisories@github.com","published":"2025-08-05T01:15:41.410","lastModified":"2026-06-17T09:39:30.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9."},{"lang":"es","value":"Cursor es un editor de código diseñado para programar con IA. En versiones anteriores a la 1.3.9, Cursor permite escribir archivos en el espacio de trabajo sin la aprobación del usuario. Si el archivo es un archivo de puntos, editarlo requiere aprobación, pero crear uno nuevo no. Por lo tanto, si no existen archivos MCP sensibles, como el archivo .cursor/mcp.json, en el espacio de trabajo, un atacante puede encadenar una vulnerabilidad de inyección indirecta de solicitud para secuestrar el contexto y escribir en el archivo de configuración, lo que activará una RCE en la víctima sin la aprobación del usuario. Esto se corrigió en la versión 1.3.9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"cursor","product":"cursor","versions":[{"version":"< 1.3.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-05T13:58:32.369007Z","id":"CVE-2025-54135","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-829"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.9","matchCriteriaId":"17297CB2-0B98-497A-8796-F7F09E9B9876"}]}]}],"references":[{"url":"https://github.com/cursor/cursor/security/advisories/GHSA-4cxx-hrm3-49rm","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}