{"data":{"id":"7ae655d6-8b94-46ed-9c0e-5b8e469d4e33","title":"CVE-2025-64108: Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a pr","summary":"Cursor, a code editor designed for AI-assisted programming, is vulnerable in versions 1.7.44 and below: an attacker can exploit NTFS path quirks (special behaviors of the Windows file system) to bypass file protection rules and overwrite files that normally require human approval, which can lead to RCE (remote code execution, where an attacker runs commands on a system they do not control). The attack only works when chained with prompt injection (tricking an AI by hiding instructions in its input) or a malicious AI model, and it only affects Windows systems using NTFS.","solution":"This issue is fixed in version 2.0. Users should upgrade to version 2.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-64108","publishedAt":"2025-11-04T23:15:44.470Z","cveId":"CVE-2025-64108","cweIds":["CWE-22","CWE-94"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00121,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126","CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","safety"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}