CVE-2025-61590
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-10-17
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anysphere | cursor | to 1.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Cursor, a code editor for programming with AI, in versions 1.6 and below. It allows Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. An attacker who can hijack the chat context of a victim (for example, via a compromised MCP server) can perform prompt injection to make the Cursor Agent write into the .code-workspace file, modifying the workspace settings. This modification bypasses a previous vulnerability (CVE-2025-54130) and can lead to RCE by altering the settings section. The issue is fixed in version 1.7.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code remotely on your system by manipulating the workspace settings file through prompt injection. This could lead to full compromise of the affected system, including unauthorized access, data theft, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Cursor to version 1.7 or later, as this version fixes the vulnerability. Additionally, avoid using or opening untrusted .code-workspace files and be cautious of compromised MCP servers that could hijack chat context to perform prompt injection attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, you should check for the presence of `.code-workspace` files (including untitled.code-workspace) that may have been modified unexpectedly, especially in Cursor versions 1.6 and below. Monitoring these files for unauthorized changes can indicate exploitation attempts. Since the vulnerability involves manipulation of the `settings` section in these workspace files, inspecting their contents for suspicious or unexpected entries is recommended. Additionally, verifying the installed Cursor version to ensure it is 1.7 or later will confirm if the system is patched. Specific commands to assist detection include: - To find `.code-workspace` files: `find /path/to/user/home -name '*.code-workspace'` - To check modification times (to spot recent changes): `ls -l --time=modify /path/to/*.code-workspace` - To inspect contents for suspicious settings (e.g., via grep or jq): `jq '.' /path/to/file.code-workspace` - To check Cursor version: `cursor --version` or check the installed package version. Network detection is challenging due to the nature of the attack (prompt injection via hijacked chat context), so focus on file integrity monitoring and version auditing. [1]