CVE-2025-54135: CurXecute – Cursor Prompt Injection via Slack Message
CVE-2025-54135, known as CurXecute, is a vulnerability in Cursor discovered by Aim Security. A planted Slack message rewrites Cursor's ~/.cursor/mcp.json config and…
CVE-2025-54135, known as CurXecute, is a vulnerability in Cursor discovered by Aim Security. A planted Slack message rewrites Cursor's ~/.cursor/mcp.json config and…
Aim Security, a cybersecurity company, discovered the CurXecute vulnerability (CVE-2025-54135) in Cursor, which allowed prompt injection via Slack messages to rewrite configuration…