{"data":{"id":"eec2ed7c-3fec-446d-9b57-e159abd231da","title":"CVE-2025-54132: Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams)","summary":"Cursor, a code editor that uses AI to help with programming, has a vulnerability in versions below 1.3 where Mermaid (a diagram rendering tool) can embed images that leak sensitive information to an attacker's server. An attacker could exploit this by using prompt injection (tricking the AI by hiding instructions in its input) through malicious data like websites, uploaded images, or source code, potentially stealing data when the images are fetched.","solution":"This issue is fixed in version 1.3. Users should update Cursor to version 1.3 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-54132","publishedAt":"2025-08-01T23:15:24.753Z","cveId":"CVE-2025-54132","cweIds":["CWE-918"],"cvssScore":"4.4","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00045,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}