CVE-2025-54136 – MCPoison

Key Insights

Critical RCE Flaw in Popular AI-powered IDE: Check Point Research uncovered a persistent remote code execution vulnerability in Cursor, a fast-growing AI-powered coding platform trusted by developers worldwide.

MCP Vulnerability: Cursor allows attackers to gain long-term, silent access to developer environments by altering previously approved Model Context Protocol (MCPs), with no additional user prompt.

Real-World Attack Scenario: In shared repositories, a benign-looking MCP configuration can be weaponized after approval, triggering malicious code execution every time a project is opened in Cursor.

Broader AI Supply Chain Risk: The flaw exposes a critical weakness in the trust […]

The post Cursor IDE: Persistent Code Execution via MCP Trust Bypass appeared first on Check Point Blog.