CVE-2025-54130: Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in
highvulnerability
security
Summary
Cursor, a code editor designed for AI-assisted programming, has a vulnerability in versions before 1.3.9 where it can write files to a workspace without asking the user for permission. An attacker can exploit this by using prompt injection (tricking the AI by hiding instructions in its input) combined with this flaw to modify editor configuration files and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own) without the user's knowledge.
Solution / Mitigation
Update Cursor to version 1.3.9 or later, where this vulnerability is fixed.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Prompt InjectionSupply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54130
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 92%