Cursor IDE: Persistent Code Execution via MCP Trust Bypass

CVE-2025-54136 –  MCPoison Key Insights Critical RCE Flaw in Popular AI-powered IDE Check Point Research uncovered a persistent remote code execution vulnerability in Cursor, a fast-growing AI-powered coding platform trusted by developers worldwide. MCP Vulnerability Cursor allows attackers to gain long-term, silent access to developer environments by altering previously approved Model Context Protocol (MCPs), with no additional user prompt. Real-World Attack Scenario In shared repositories, a benign-looking MCP configuration can be weaponized after approval, triggering malicious code execution every time a project is opened in Cursor. Broader AI Supply Chain Risk The flaw exposes a critical weakness in the trust […]

The post Cursor IDE: Persistent Code Execution via MCP Trust Bypass appeared first on Check Point Blog.



from Check Point Blog https://ift.tt/rP5Hw6V
via
-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Check Point Cyber Security Now Available Across All Levels of U.S. Government

We’re proud to announce that Check Point has earned GovRAMP Authorization for the Check Point Infinity Platform for Government. This is a b...

  • IT threat evolution Q2 2018
    Targeted attacks and malware campaigns Operation Parliament In April, we reported the workings of Operation Parliament , a cyber-espionag...
  • Application Control in the World of Cloud and Shadow IT
    Cloud solutions are proliferating rapidly. Sometimes it seems like the pace is too fast, and is coming at the expense of security considerat...
  • CISO DACH Summit
    Hacker attacks are increasingly in the media, security issues in cloud computing remain unanswered and cybercriminals develop more complex a...