CVE-2025-64110

High CVSS: 8.7

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.

Vendor

Anysphere

Product

Cursor

CWE

CWE-284

Yayın Tarihi

2025-11-05 00:15:34

Güncelleme

2025-11-07 13:04:09

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Cursor HIGH Anysphere 2025

Referanslar

https://github.com/cursor/cursor/security/advisories/GHSA-vhc2-fjv4-wqch

Benzer Kayıtlar

High

CVE-2026-31854

Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted i…

High

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in ver…

High

CVE-2026-22708

Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode wi…

High

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor'…

High

CVE-2025-64107

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may…

High

CVE-2025-64108

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a pr…