Skip to main content

Cursor CVE-2025-61592

| EUVDEUVD-2025-33204 HIGH
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2025-10-03 security-advisories@github.com
8.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-33204
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
CVE Published
Oct 03, 2025 - 18:15 nvd
HIGH 8.8

DescriptionGitHub Advisory

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version.

Analysis

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version.

Technical ContextAI

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Inclusion of Functionality from Untrusted Control Sphere (CWE-829).

RemediationAI

Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

More in Cursor

View all
CVE-2026-22708 CRITICAL
9.8 Jan 14

Cursor AI code editor before 2.3 allows prompt injection to bypass the Agent's Allowlist mode. Shell built-ins can execu

CVE-2026-50549 CRITICAL
9.3 Jun 25

Sandbox escape leading to non-sandboxed remote code execution in Cursor (the AI code editor) prior to version 3.0, where

CVE-2026-50548 CRITICAL
9.3 Jun 25

Sandbox escape leading to non-sandboxed remote code execution affects the Cursor AI code editor prior to version 3.0, wh

CVE-2025-61591 HIGH
8.8 Oct 03

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication wit

CVE-2026-31854 HIGH
8.8 Mar 11

Cursor is a code editor built for programming with AI. versions up to 2.0 is affected by os command injection.

CVE-2026-48124 HIGH
8.5 Jun 15

Unauthorized hook command execution in Cursor Desktop versions prior to 3.0.0 allows a malicious workspace to silently r

CVE-2025-59944 HIGH
8.0 Oct 03

Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the wa

CVE-2026-26268 HIGH
8.0 Feb 13

Cursor versions before 2.5 allow sandbox escape through improper .git configuration file protections, enabling malicious

CVE-2026-61613 HIGH
7.7 Jul 15

Server-side request forgery leading to code execution in Cursor's browser-enabled Cloud Agent lets attacker-controlled w

CVE-2025-61590 HIGH
7.5 Oct 03

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (R

CVE-2025-61593 HIGH
7.1 Oct 03

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI

CVE-2025-61589 MEDIUM
5.9 Oct 03

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows

Share

CVE-2025-61592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy