Critical vulnerability found in AI IDE 'Cursor'... installation process contains security flaws


Cyata Security, a startup focused on AI security, recently released a report revealing a significant remote code execution (RCE) vulnerability in the Cursor integrated development environment (IDE), exposing supply chain risks associated with agent-based AI systems. The vulnerability can be exploited by abusing the installation process of the Model Context Protocol (MCP), tricking a developer into executing attacker-chosen commands on their own system. The flaw, designated CVE-2025-64106 by the National Institute of Standards and Technology (NIST), has been rated with a severity score of 8.8.

The issue stems from Cursor's adoption of MCP to automate AI-assisted development workflows. The protocol lets AI assistants within the IDE connect to external tools, databases, and APIs, but installing an MCP server requires system-level permissions, which creates a new attack vector. Cyata researchers found that attackers could make the installation pop-up imitate that of Playwright, a popular automation tool, to gain the user's trust while malicious commands were executed.

The core of the vulnerability lies in Cursor's handling of deep links. This feature is designed to run system commands that install external tools, but an attacker can manipulate what the prompt displays so that an unsafe command appears legitimate. This is not a traditional memory-corruption exploit or hacking technique but an abuse of the trust-based logic of the installation flow.
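As a defender's illustration of the point above, the following added example (not Cursor's or Cyata's code) parses an MCP install deep link, decodes the embedded server configuration, and shows the exact command the install would launch next to the friendly label, flagging a label that does not match the command, a shell interpreter used as the command, and shell metacharacters in the arguments. It assumes the documented link shape `cursor://anysphere.cursor-deeplink/mcp/install?name=...&config=<base64 JSON>`, which the article itself does not spell out; the two sample links are constructed for the example.

```python
"""Inspect an MCP "install" deep link before trusting its prompt.

Added example for this article; it is not code from Cursor or Cyata.
Assumption (labelled): the link follows the documented Cursor pattern
  cursor://anysphere.cursor-deeplink/mcp/install?name=<label>&config=<base64 JSON>
where the JSON carries "command"/"args" for a local (stdio) server or "url"
for a remote one. Every sample link below is constructed for this example.
"""
import base64
import json
import os
import re
import shlex
from urllib.parse import parse_qs, quote, urlparse

# Interpreters: if one of these is the "command", the link runs arbitrary code, not a tool.
SHELL_LIKE = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh"}
# Metacharacters that have no business inside a clean argv element.
META = re.compile(r"[;&|`$<>]")


def decode_install_link(link: str) -> dict:
    """Parse the link into {'name': label, 'config': dict}; raise ValueError otherwise."""
    u = urlparse(link)
    if u.scheme != "cursor" or not u.path.endswith("/mcp/install"):
        raise ValueError("not an MCP install deep link")
    q = parse_qs(u.query)
    name = q.get("name", [""])[0]
    raw = q.get("config", [""])[0].replace(" ", "+")  # parse_qs turns '+' into space
    if not raw:
        raise ValueError("config parameter missing")
    raw += "=" * (-len(raw) % 4)  # restore stripped base64 padding
    config = json.loads(base64.urlsafe_b64decode(raw))
    if not isinstance(config, dict):
        raise ValueError("config is not a JSON object")
    return {"name": name, "config": config}


def argv_of(config: dict) -> list:
    """The process the install would launch, or [] for a remote (url-only) server."""
    if "command" not in config:
        return []
    args = config.get("args", [])
    if not isinstance(args, list):
        args = [args]
    return [str(config["command"])] + [str(a) for a in args]


def assess(link: str) -> list:
    """Return findings (strings) about the link; an empty list means nothing suspicious."""
    d = decode_install_link(link)
    findings = []
    argv = argv_of(d["config"])
    if not argv:
        if "url" not in d["config"]:
            findings.append("config has neither a command nor a url")
        return findings
    if os.path.basename(argv[0]).lower() in SHELL_LIKE:
        findings.append(f"command is a shell interpreter: {argv[0]}")
    for a in argv:
        if META.search(a):
            findings.append(f"shell metacharacter in argument: {a!r}")
    label = d["name"].strip().lower()
    if label and not any(label in a.lower() for a in argv):
        findings.append(f"label {d['name']!r} does not appear in the command that would run")
    return findings


def render_prompt(link: str) -> str:
    """What a trustworthy install prompt should show: the label AND the exact command."""
    d = decode_install_link(link)
    argv = argv_of(d["config"])
    what = shlex.join(argv) if argv else f"connect to remote server {d['config'].get('url')!r}"
    lines = [f"Install MCP server labelled {d['name']!r}", f"This will run: {what}"]
    lines += ["WARNING: " + f for f in assess(link)]
    return "\n".join(lines)


def make_link(name: str, config: dict) -> str:
    """Build a sample link in the assumed format (used only to construct test input)."""
    blob = base64.urlsafe_b64encode(json.dumps(config).encode()).decode()
    return f"cursor://anysphere.cursor-deeplink/mcp/install?name={quote(name)}&config={blob}"


# Constructed samples: a genuine-looking Playwright install, and a decoy that borrows
# the Playwright label while launching a shell (payload kept to a harmless echo).
BENIGN_LINK = make_link("Playwright", {"command": "npx", "args": ["@playwright/mcp@latest"]})
DECOY_LINK = make_link("Playwright", {"command": "sh", "args": ["-c", "echo constructed-sample"]})

if __name__ == "__main__":
    for link in (BENIGN_LINK, DECOY_LINK):
        print(render_prompt(link), end="\n\n")
```

The design point is that the prompt must be derived from the decoded configuration, never from the attacker-supplied label alone: the label is only displayed alongside the real argv, and any mismatch between the two is surfaced as a warning before the user approves.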

Security experts warn that as agent-centered AI environments become more widespread, the IDE installation process, the trustworthiness of its UI, and tool integration workflows are no longer mere convenience features but security boundaries that must be protected. Shahar Tal, CEO of Cyata, stated, “When AI IDEs begin to access real permissions and tools, the installation process itself becomes a primary threat vector. This case demonstrates how attackers can covertly manipulate trusted installation procedures.”

After discovering the vulnerability, Cyata immediately collaborated with Cursor, and a security patch was completed within two days; the company continues to monitor emerging security risks associated with agent-based AI integrations. The security startup raised $8.5 million (approximately 122.4 billion KRW) in its initial funding round last July, with investors including TLV Partners and other private investors.

As agent-based AI spreads, protocol trustworthiness and the user experience during installation are rapidly becoming new security variables. This vulnerability illustrates the traps that can arise in AI tool design when security is not prioritized.
