A critical flaw dubbed CurXecute (CVE-2025-54135) in the popular AI-assisted Cursor IDE allows attackers to hijack developer sessions and execute malicious commands via prompt-injection attacks. Researchers warn this could enable ransomware, data theft, or project sabotage by exploiting the IDE's Model Context Protocol. The vulnerability is now patched in version 1.3, urging immediate updates.