CVE-2025-54131
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-54131. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an allowlist, an attacker can execute arbitrary command execution outside of the allowlist without user approval. An attacker can trigger this vulnerability if chained with indirect prompt injection. This is fixed in version 1.3.
Available Exploits
Related News
Affected Products
Unknown Product
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Malicious code in bioql (PyPI)
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025