CVE-2025-64106 | Cursor up to 1.7.28 MCP Server os command injection (GHSA-4575-fh42-7848)

A vulnerability classified as critical was found in Cursor up to 1.7.28. This affects an unknown function of the component MCP Server. Executing manipulation can lead to os command injection.

This vulnerability is registered as CVE-2025-64106. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More