AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-59944: Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the wa

highvulnerability

security

Source: NVD/CVE DatabaseOctober 3, 2025CVE-2025-59944

Summary

Cursor is a code editor designed for programming with AI help. Versions 1.6.23 and below have a security flaw where they use case-sensitive checks (checking uppercase and lowercase letters as different) to protect sensitive files, which allows attackers to use prompt injection (tricking the AI with hidden instructions) to modify these files and gain remote code execution (the ability to run commands on the victim's computer) on case-insensitive filesystems (systems that treat uppercase and lowercase letters the same).

Solution / Mitigation

This issue is fixed in version 1.7. Users should upgrade to version 1.7 or later.

Vulnerability Details

CVSS Score

8(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-178

Affected Vendors

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 85%