Security Operations, AI/ML, DevOps, Vulnerability Management, Patch/Configuration Management

Cursor IDE vulnerability exposes risks in AI tooling and installation workflows

(Credit: Robert – stock.adobe.com)

A critical remote code execution vulnerability has been detailed in Cursor Inc.'s integrated development environment, highlighting risks associated with trusted installation workflows and agentic AI tooling. The vulnerability, tracked as CVE-2025-64106 and rated 8.8 in severity, affected Cursor’s Model Context Protocol installation flows, potentially allowing attackers to execute arbitrary commands on a developer’s machine. The issue was patched within two days of its discovery by Cyata Security Ltd., based on information published by Silicon Angle.

The vulnerability emerged due to Cursor's use of the Model Context Protocol to connect AI assistants within the IDE to external tools, databases, and APIs, enabling more autonomous development workflows. This connectivity introduced new attack surfaces, particularly when AI systems are granted system-level permissions during setup. Cyata researchers discovered that the MCP installation process could be manipulated to trick users into executing malicious commands under the guise of trusted software, such as Playwright. The exploit bypassed traditional methods by abusing logic and trust assumptions within the installation workflow, leveraging a trusted execution path and recognizable tooling to reduce user suspicion.

The trust placed in installation interfaces and deep-link handling has become a critical security boundary. As AI IDEs gain more autonomy and access to system permissions, developers and security professionals must treat UI trust, deep links, and tool installation processes as integral parts of their threat models to prevent similar exploits and ensure the security of agentic workflows.

Source: Silicon Angle

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds