CVE-2025-61592
BaseFortify
Publication date: 2025-10-03
Last updated on: 2025-10-09
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anysphere | cursor | up to and including 1.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Cursor, an AI-assisted code editor, in versions 1.7 and earlier. The Cursor CLI automatically loads project-specific configuration files from the current working directory, and these project-level settings can override the user's global Cursor CLI settings. If a user runs the CLI inside a malicious repository, a permissive project configuration that allows shell commands, combined with prompt injection through project-specific rules or similar mechanisms, can lead to Remote Code Execution.
How can this vulnerability impact me?
If you run the Cursor CLI inside a malicious repository, an attacker can execute arbitrary code on your system. This can lead to full compromise of the confidentiality, integrity, and availability of your system and data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Cursor to a version that includes the patch 2025.09.17-25b418f or later once it is released. Until then, avoid running Cursor CLI inside untrusted or potentially malicious project directories that contain .cursor/cli.json or .cursor/rules/rule.mdc files, as these can be used to execute remote code.