Cursor Security Update Advisory (CVE-2025-54135)

Aug 06 2025

Overview

We have released a security update to address a vulnerability in Cursor. Affected product users are advised to update to the latest version.

Affected Products

CVE-2025-54135

Cursor Version: 1.2.1 and earlier

Resolved Vulnerabilities

Arbitrary code execution vulnerability in Cursor due to prompt port injection via MCP special file (CVE-2025-54135)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-54135

Cursor Version: 1.3.9

References

[1] Arbitrary code execution from Cursor Agent through a prompt injection via MCP Special Files
https://github.com/cursor/cursor/security/advisories/GHSA-4cxx-hrm3-49rm

Cursor Security Update Advisory (CVE-2025-54135)

Cautionary Advisory for SGA Solutions Products

OAuth2-Proxy Security Update Advisory (CVE-2025-54576)

Tags:

Cautionary Advisory for SGA Solutions Products

OAuth2-Proxy Security Update Advisory (CVE-2025-54576)