Cybersecurity comparison table of three MCP-related vulnerabilities affecting AI development tools. CVE-2025-54135 CurXecute impacts Cursor IDE with CVSS 8.5 and enables prompt injection that rewrites MCP configuration before approval prompts. CVE-2025-53967 affects Framelink Figma MCP with CVSS 7.5, allowing remote code execution through an unsanitized fileKey parameter. CVE-2025-54136 MCPoison impacts Cursor IDE with CVSS 7.2, enabling persistent remote code execution by replacing trusted MCP server configurations without requiring re-approval.

(Please use a modern browser to see the interactive version of this visualization)

Get the dataCreated with Datawrapper