Vulnerability cyber

Cursor

May 26, 2025 1 min read
Cursor

A critical security vulnerability in Cursor, an AI-powered code editor for macOS, allows malicious software to bypass Apple’s privacy protections and access sensitive user data without authorization. The flaw, due to a misconfiguration in the Electron framework, enables attackers to execute arbitrary code with the app’s privacy permissions. This compromises the Transparency, Consent, and Control (TCC) framework, which protects user privacy on macOS systems. The vulnerability remains unpatched, posing a significant threat to users' sensitive information and potentially leading to data leaks and unauthorized access to hardware components.

Source: https://cybersecuritynews.com/vulnerability-in-popular-macos-app-cursor/

TPRM report: https://scoringcyber.rankiteo.com/company/cursorllc

"id": "cur635052625",
"linkid": "cursorllc",
"type": "Vulnerability",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Software Development',
                        'name': 'Cursor',
                        'type': 'Software Application'}],
 'attack_vector': 'Misconfiguration in Electron framework, specifically '
                  'enabling of the RunAsNode fuse',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive documents',
                                              'Screenshots',
                                              'Audio recordings',
                                              'Camera activation']},
 'description': 'A critical security vulnerability has been discovered in '
                'Cursor, a popular AI-powered code editor for macOS, that '
                'enables malicious software to circumvent Apple’s built-in '
                'privacy protections and access sensitive user data without '
                'proper authorization.',
 'impact': {'data_compromised': ['Sensitive documents',
                                 'Screenshots',
                                 'Audio recordings',
                                 'Camera activation'],
            'systems_affected': ['macOS systems',
                                 'Cursor AI-powered code editor']},
 'initial_access_broker': {'entry_point': 'Misconfiguration in Electron '
                                          'framework',
                           'high_value_targets': ['Developers',
                                                  'AI-powered development '
                                                  'workflows']},
 'motivation': 'Access sensitive user data, compromise development '
               'environments',
 'post_incident_analysis': {'root_causes': 'Misconfiguration in Electron '
                                           'framework'},
 'references': [{'source': 'Afine'}],
 'title': 'Critical Security Vulnerability in Cursor AI-Powered Code Editor',
 'type': 'Security Vulnerability',
 'vulnerability_exploited': 'Misconfiguration in Electron framework'}
Published by
Jeremy C
Jeremy C
You might also like
Vulnerability cyber

SBI

public 1 min read
A significant security flaw identified in the YONO SBI banking application exposes millions of users to cybersecurity threats. The vulnerability,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.