{"data":{"id":"0c8b9c1e-64de-4abd-aace-95a244333369","title":"CVE-2025-61589: Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a tool to render diagrams) allows embedding images that are displayed in the chat box.","summary":"Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.6 and below where Mermaid (a tool for rendering diagrams) can embed images that get displayed in the chat box. An attacker can exploit this through prompt injection (tricking the AI by hiding instructions in its input) to send sensitive information to an attacker-controlled server when the chat box fetches the embedded image, or a malicious AI model might trigger this automatically.","solution":"This issue is fixed in version 1.7. Users should upgrade to version 1.7 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-61589","publishedAt":"2025-10-03T07:15:45.470Z","cveId":"CVE-2025-61589","cweIds":["CWE-200"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00037,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}