CVE-2025-61592: Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific
Summary
Cursor, a code editor designed for AI-assisted programming, automatically loads configuration files from project directories in versions 1.7 and below, and attackers can exploit this behavior. If a user runs Cursor's command-line tool (CLI) in a malicious repository, an attacker could combine prompt injection (tricking the AI by hiding instructions in its input) with permissive settings to achieve remote code execution (the ability to run commands on the user's system without permission).
Solution / Mitigation
The fix is available as patch 2025.09.17-25b418f. As of October 3, 2025, this patch has not yet been included in an official release version.
Vulnerability Details
8.8 (high)
EPSS: 0.2%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-61592
First tracked: February 15, 2026 at 08:52 PM