CVE-2025-61593

Published: Oct 3, 2025Modified: Oct 9, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e. */.cursor/cli.json) allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive filesystems. This issue is fixed in a commit, 25b418f, but has yet to be released as of October 3, 2025.

Affected (1)

Products: Anysphere: Cursor

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anysphere Cursor	Up to 1.7

Related CWEs

Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (1)

https://github.com/cursor/cursor/security/advisories/GHSA-x2vq-h6v6-jhc6

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.