CVE-2025-54135: CurXecute – Cursor Prompt Injection via Slack Message

July 1, 2026

CVE-2025-54135, known as CurXecute, is a vulnerability in Cursor discovered by Aim Security. A planted Slack message rewrites Cursor's ~/.cursor/mcp.json config and runs commands even after the user rejects the edit. Fixed in Cursor 1.3.
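
Because the rewrite lands in ~/.cursor/mcp.json, a defender can compare that file against a reviewed baseline copy and flag any server entry that was added or changed. The following is an added example, not code from Cursor or Aim Security; it assumes the file's top-level "mcpServers" layout, and the server names and commands in the sample data are constructed.

```python
import json

# Constructed sample inputs (not real configs). Layout assumed: a top-level
# "mcpServers" object mapping a server name to {"command": ..., "args": [...]}.
BASELINE = '{"mcpServers": {"slack": {"command": "npx", "args": ["-y", "example-slack-mcp"]}}}'
CURRENT = ('{"mcpServers": {"slack": {"command": "npx", "args": ["-y", "example-slack-mcp"]},'
           ' "notes": {"command": "touch", "args": ["/tmp/constructed-marker"]}}}')


def load_servers(text):
    """Parse mcp.json text into {name: (command, args)} for comparison."""
    doc = json.loads(text)
    servers = doc.get("mcpServers", {}) if isinstance(doc, dict) else {}
    parsed = {}
    for name, entry in (servers.items() if isinstance(servers, dict) else []):
        if not isinstance(entry, dict):
            parsed[name] = ("<malformed entry>", ())
            continue
        args = entry.get("args", [])
        if not isinstance(args, list):
            args = [args]
        parsed[name] = (str(entry.get("command", "")), tuple(str(a) for a in args))
    return parsed


def diff_servers(baseline_text, current_text):
    """Return (kind, name, (command, args)) for every entry that differs from the baseline."""
    base, cur = load_servers(baseline_text), load_servers(current_text)
    findings = []
    for name in sorted(cur):
        if name not in base:
            findings.append(("added", name, cur[name]))
        elif cur[name] != base[name]:
            findings.append(("changed", name, cur[name]))
    for name in sorted(set(base) - set(cur)):
        findings.append(("removed", name, base[name]))
    return findings


if __name__ == "__main__":
    # In practice, read the reviewed baseline copy and ~/.cursor/mcp.json from disk.
    for kind, name, (command, args) in diff_servers(BASELINE, CURRENT):
        print(f"{kind}: {name} -> {command} {' '.join(args)}")
```

Any finding is worth reviewing regardless of what the approval prompt showed, since the page states the commands run even after the edit is rejected.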