CVE-2025-54132: Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams)
Summary
Cursor, a code editor that uses AI to help with programming, has a vulnerability in versions below 1.3: Mermaid (a diagram rendering tool) can embed images, and fetching those images can leak sensitive information to an attacker's server. An attacker could exploit this through prompt injection (tricking the AI by hiding instructions in its input) delivered via malicious data such as websites, uploaded images, or source code, potentially exfiltrating data when the images are fetched.
Solution / Mitigation
This issue is fixed in version 1.3. Users should update Cursor to version 1.3 or later.
Vulnerability Details
4.4 (medium)
EPSS: 0.0%
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54132
First tracked: February 15, 2026 at 08:52 PM