{"data":{"id":"adb9524e-2a27-4b49-b35b-5061ed8abd12","title":"CVE-2025-61593: Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI ","summary":"Cursor, a code editor designed for programming with AI, has a vulnerability in versions 1.7 and below where attackers can use prompt injection (tricking the AI by hiding instructions in its input) to modify sensitive configuration files and achieve remote code execution (RCE, where an attacker can run commands on a system they don't own). This vulnerability is especially dangerous on case-insensitive filesystems (systems that treat uppercase and lowercase letters as the same).","solution":"This issue is fixed in commit 25b418f, but has yet to be released as of October 3, 2025.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-61593","publishedAt":"2025-10-03T18:15:36.230Z","cveId":"CVE-2025-61593","cweIds":["CWE-94","CWE-178"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00103,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}