{"data":{"id":"b1d6b5e2-925b-47a0-ac62-29dc0b9b3da5","title":"CVE-2025-59944: Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the wa","summary":"Cursor is a code editor designed for programming with AI help. Versions 1.6.23 and below have a security flaw where they use case-sensitive checks (checking uppercase and lowercase letters as different) to protect sensitive files, which allows attackers to use prompt injection (tricking the AI with hidden instructions) to modify these files and gain remote code execution (the ability to run commands on the victim's computer) on case-insensitive filesystems (systems that treat uppercase and lowercase letters the same).","solution":"This issue is fixed in version 1.7. Users should upgrade to version 1.7 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-59944","publishedAt":"2025-10-03T21:15:34.913Z","cveId":"CVE-2025-59944","cweIds":["CWE-178"],"cvssScore":"8","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0012,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}