Cybersecurity researchers have uncovered a critical vulnerability in Cursor IDE that allows attackers to execute arbitrary system commands through a sophisticated trust bypass mechanism, potentially compromising developer workstations across collaborative coding environments.
Check Point Research disclosed the vulnerability, designated CVE-2025-54136 and dubbed “MCPoison,” which exploits Cursor IDE’s Model Context Protocol (MCP) trust system to achieve persistent remote code execution.
https://gbhackers.com/mcpoison-attack-a ... ursor-ide/