CurXecute and MCPoison: Two Recently Disclosed Vulnerabilities in Cursor IDE

Over the past few days, researchers have disclosed two new vulnerabilities in Cursor, the AI-assisted code editor used by over a million users including notable Fortune 500 companies.

CVE	Description	CVSSv3
CVE-2025-54135	Cursor Arbitrary Code Execution Vulnerability (“CurXecute”)	8.5
CVE-2025-54136	Cursor Remote Code Execution via Unverified Configuration Modification Vulnerability (“MCPoison”)	7.2

Both vulnerabilities have the potential to be severe, but they are context dependent. The common thread shared between CurXecute and MCPoison is how Cursor handles interaction with MCP servers.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Tenable Nessus

Tenable Vulnerability Management

Vulnerability Watch

Forum Discussion

CurXecute and MCPoison: Two Recently Disclosed Vulnerabilities in Cursor IDE

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia