Experts have found a bug called CurXecute that is present in all variants of the AI-supported code editor Cursor and can be exploited to achieve remote code execution (RCE) with developer privileges.
About the bug
The security bug is now tracked as CVE-2025-54135 and can be exploited by feeding the AI agent a malicious prompt that triggers attacker-controlled commands.
The Cursor integrated development environment (IDE) relies on AI agents to help developers code faster and more effectively, and lets them connect to external systems and resources using the Model Context Protocol (MCP).
According to the experts, a threat actor who successfully abuses the CurXecute bug could trigger ransomware and data theft attacks.
Prompt-injection
CurXecute is similar to the EchoLeak bug in Microsoft 365 Copilot, which hackers can use to extract sensitive data without any user interaction.
After finding and studying EchoLeak, the experts from the cybersecurity company Aim Security found that hackers can exploit even a local AI agent.
Cursor IDE supports the MCP open-standard framework, which extends an agent's capabilities by connecting it to external data sources and tools.
Agent exploitation
But the experts h
[…]