A vulnerability called CurXecute in the AI-powered code editor Cursor allows attackers to execute code remotely with developer privileges. The vulnerability, identified as CVE-2025-54135, can be exploited by feeding the AI agent a malicious prompt, which can lead to ransomware and data theft incidents. The Cursor IDE relies on AI agents to help developers code faster, but this vulnerability exposes the agent to external, untrusted data that can compromise its control flow. An attacker could hijack the agent's session and privileges to act on behalf of the user, potentially leading to significant data leaks and other malicious activities. The vulnerability was reported and patched, with the latest version of Cursor addressing the issue.
TPRM report: https://scoringcyber.rankiteo.com/company/cursorllc
"id": "cur837080125",
"linkid": "cursorllc",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Cursor',
                        'type': 'Software Company'}],
 'attack_vector': ['Prompt-injection attack'],
 'date_detected': '2025-07-07',
 'date_publicly_disclosed': '2025-07-29',
 'date_resolved': '2025-07-29',
 'description': 'A vulnerability called CurXecute in the AI-powered code '
                'editor Cursor allows remote code execution with developer '
                'privileges. It can be exploited by feeding the AI agent a '
                'malicious prompt, potentially leading to ransomware and data '
                'theft incidents.',
 'impact': {'systems_affected': ['Cursor IDE']},
 'initial_access_broker': {'entry_point': 'MCP Server'},
 'investigation_status': 'Resolved',
 'motivation': ['Ransomware', 'Data Theft', 'AI Manipulation'],
 'post_incident_analysis': {'corrective_actions': 'Patch released to fix the '
                                                  'vulnerability.',
                            'root_causes': 'Exposure to external, untrusted '
                                           'data affecting control flow.'},
 'recommendations': ['Download and install the latest version of Cursor to '
                     'avoid known security risks.'],
 'references': [{'source': 'BleepingComputer'}],
 'response': {'communication_strategy': ['Security advisory published'],
              'remediation_measures': ['Patch released in Cursor version 1.3']},
 'title': 'CurXecute Vulnerability in Cursor IDE',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-54135'}