CVE-2025-59944

High CVSS: 8.0

Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files through prompt injection and achieve remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive fileystems. This issue is fixed in version 1.7.

Vendor

Anysphere

Product

Cursor

CWE

CWE-178

Yayın Tarihi

2025-10-03 21:15:34

Güncelleme

2025-10-16 18:16:19

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-178 Cursor HIGH Anysphere 2025

Referanslar

https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7

Benzer Kayıtlar

High

CVE-2026-31854

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted i…

High

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in ver…

High

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode wi…

High

CVE-2025-64110

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agen…

High

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor'…

High

CVE-2025-64107

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may…