CVE-2025-64109 | Cursor up to 15.4.1 Model Context Protocol Server cursor/mcp.json os command injection (GHSA-4hwr-97q3-37w2)

A vulnerability was found in Cursor up to 15.4.1 and classified as critical. This impacts an unknown function of the file cursor/mcp.json of the component Model Context Protocol Server. The manipulation results in os command injection.

This vulnerability is known as CVE-2025-64109. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More