CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass research.checkpoint.com/2025/curs…

Cursor is a developer-focused AI IDE that combines local code editing with large language model (LLM) integrations. Due to its flexibility and deep LLM integration, Cursor is increasingly adopted by startups, research teams, and individual developers looking to integrate AI tooling directly into their development workflow. Like many AI development platforms, one of its features is Model Context Protocol (MCP) — plugin-like configurations that allow the IDE to define and execute workflows that may involve remote APIs, LLM-generated commands, or local command execution.

As AI-powered developer tools become integrated into daily workflows, they increasingly rely on automation, local execution of model outputs, and collaborative project sharing. Cursor’s support for workspace-linked configuration files and custom plugin behavior presents a unique attack surface — particularly in multi-user environments where files may be synchronized through shared Git repositories.