{"data":{"id":"88011702-3630-4d44-a1cc-6482560deb59","title":"CVE-2025-64110: Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agen","summary":"Cursor, a code editor designed for programming with AI, has a logic bug in versions 1.7.23 and below that allows attackers to bypass cursorignore (a file that protects sensitive files from being read). An attacker who has already performed prompt injection (tricking an AI by hiding instructions in its input) or controls a malicious AI model could create a new cursorignore file to override existing protections and access protected files.","solution":"Update to version 2.0, where this issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-64110","publishedAt":"2025-11-05T00:15:34.957Z","cveId":"CVE-2025-64110","cweIds":["CWE-284"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00053,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}