年入5亿美金的AI编程工具Cursor曝漏洞

Group 1 - The AI programming tool Cursor has a critical vulnerability named "CurXecute" (CVE-2025-54135) that allows attackers to inject malicious commands through the Model Context Protocol (MCP), compromising developer session permissions and executing remote code [2] - Cursor's parent company, Anysphere, completed a $900 million funding round in May 2025, raising its valuation to $9 billion, nearly tripling since the beginning of the year [2] - As of May this year, Cursor has over 360,000 paying users, including major tech companies like OpenAI and NVIDIA [2] Group 2 - Cursor was founded in 2021 by four MIT engineers and quickly gained traction with its "vibe coding" concept, integrating features like code generation and automated debugging [3] - Cursor's rapid growth is highlighted by its ability to attract a diverse user base, from professional developers to beginners, with notable endorsements from industry leaders [3] - The company generated $500 million in annual revenue, leading the global AI Agent revenue rankings with an impressive revenue per user of $3.2 million [2]