{"data":{"id":"c40a5610-3d67-4fe9-ba0a-139b54bfa903","title":"CVE-2025-64107: Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may ","summary":"Cursor, a code editor designed for AI-assisted programming, had a security flaw in versions 1.7.52 and below where attackers could bypass safety checks on Windows machines. While the software blocked path manipulation (tricks to access files in unintended ways) using forward slashes and required human approval, the same trick using backslashes was not detected, potentially allowing an attacker with prompt injection access (hidden malicious instructions in AI inputs) to run arbitrary code and overwrite important files without permission.","solution":"This issue is fixed in version 2.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-64107","publishedAt":"2025-11-04T23:15:44.330Z","cveId":"CVE-2025-64107","cweIds":["CWE-22"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00084,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.88,"researchCategory":null,"atlasIds":null}}