CVE-2025-61589
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-20

Assigner: GitHub, Inc.

Description
Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. Some additional bypasses not covered in the initial fix to this issue were discovered, see GHSA-43wj-mwcc-x93p. This issue is fixed in version 1.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-03
Last Modified
2025-10-20
Generated
2026-06-16
AI Q&A
2025-10-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61589
EUVD
EUVD-2025-33215
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anysphere cursor to 1.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Cursor versions 1.6 and below, where the Mermaid diagram rendering feature allows embedding images that get rendered in the chat box. An attacker can exploit this by performing a prompt injection, causing the application to fetch images from an attacker-controlled server, thereby exfiltrating sensitive information. The exploit requires malicious input such as web data, image uploads, or source code to trigger the prompt injection. Additionally, malicious models or backdoors might trigger this exploit intentionally. The issue is fixed in version 1.7.

Impact Analysis

This vulnerability can lead to the exfiltration of sensitive information from the Cursor application to an attacker-controlled external server. This means that confidential data processed or stored within Cursor could be leaked without user consent, potentially compromising privacy and security.

Mitigation Strategies

Upgrade Cursor to version 1.7 or later, as this version contains the fix for the vulnerability. Avoid using versions 1.6 and below where the issue exists. Additionally, be cautious of prompt injections from malicious data sources such as web inputs, image uploads, or source code to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart