Platform: windows
Component: cursor
Fixed in: 2.0.1
CVE-2025-64107 describes a Remote Code Execution (RCE) vulnerability affecting Cursor Code Editor versions up to 1.7.52. This flaw allows attackers to overwrite sensitive editor files without approval on Windows systems by exploiting insufficient backslash path manipulation detection. The vulnerability is fixed in version 2.0, and users are strongly advised to upgrade immediately.
The impact of this vulnerability is significant. Successful exploitation allows an attacker to execute arbitrary code on the affected Windows machine. This could lead to complete system compromise, including data theft, malware installation, and lateral movement within the network. The ability to overwrite editor files without approval means an attacker can modify code, inject malicious scripts, or disable security features, effectively taking control of the development environment. This is particularly concerning given Cursor's focus on AI-assisted coding, where compromised code could be integrated into production systems.
This vulnerability is actively being tracked and is considered a high-probability exploit due to the ease of exploitation and the lack of robust mitigation strategies prior to the patch. Public proof-of-concept (POC) code is likely to emerge, further increasing the risk. The vulnerability was publicly disclosed on 2025-11-04. It is not currently listed on CISA KEV as of this writing.
Developers and organizations using Cursor Code Editor on Windows systems are at risk, particularly those who have already experienced prompt injection vulnerabilities or other forms of initial access to the system. Shared hosting environments where multiple users have access to the .cursor directory are also at increased risk.
• windows / supply-chain:
Get-ChildItem -Path "$env:APPDATA\.cursor" -Recurse -Filter "mcp.json" | Select-Object FullName
• windows / supply-chain:
Get-Acl -Path "$env:APPDATA\.cursor\mcp.json" | Format-List
• windows / supply-chain:
Check Windows Defender for alerts related to file modifications within the $env:APPDATA\.cursor directory, specifically looking for suspicious backslash sequences.
EPSS: 0.08% (24th percentile)
The primary mitigation is to upgrade Cursor Code Editor to version 2.0 or later, which addresses the backslash path manipulation vulnerability. If upgrading immediately is not feasible, consider implementing stricter file access controls on the .cursor directory to limit write access to authorized users only. Monitor system logs for unusual file modification activity, particularly within the .cursor directory. While a WAF or proxy cannot directly mitigate this vulnerability, they can be configured to detect and block suspicious network traffic associated with file manipulation attempts. After upgrading, confirm the fix by attempting to create a file within the .cursor directory using a backslash sequence (e.g., ./.cursor/./././././mcp.json) and verifying that the operation is blocked.
Upgrade Cursor to version 2.0 or later. The new version fixes the backslash path manipulation vulnerability on Windows. This prevents an attacker from overwriting sensitive editor files without authorization.
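One way to write the kind of path check the fix has to get right, as an added example that is not Cursor's code: `naiveCanon`, `windowsCanon`, `needsApproval` and the `PROTECTED` list are hypothetical names, and the naive variant only illustrates the bug class described above. The sample targets are constructed, apart from the one form quoted on this page.

```javascript
// Added example: a hypothetical approval gate, not Cursor's implementation.
// PROTECTED is an assumed list built from the file this page names.
const PROTECTED = ['.cursor/mcp.json'];

// Naive canonicalisation: only understands '/' as a separator, so on
// Windows a path written with '\' passes through as one opaque segment.
function naiveCanon(p) {
  return p.split('/').filter(s => s !== '' && s !== '.').join('/');
}

// Hardened canonicalisation for Windows targets.
function windowsCanon(p) {
  const out = [];
  for (const raw of p.split(/[\\/]+/)) {          // accept both separators
    if (raw === '' || raw === '.') continue;       // drop no-op segments
    if (raw === '..') { out.pop(); continue; }     // resolve parent, never above root
    // Win32 drops trailing dots and spaces from names; strip them from
    // every segment so the check errs on the side of asking for approval.
    const seg = raw.replace(/[. ]+$/, '');
    if (seg !== '') out.push(seg.toLowerCase());   // file names are case-insensitive
  }
  return out.join('/');
}

// True when the canonical target is a protected file at any depth.
function needsApproval(target, canon) {
  const c = canon(target);
  return PROTECTED.some(p => c === p || c.endsWith('/' + p));
}

// Constructed sample targets, relative to the workspace root.
const SAMPLES = [
  './.cursor/./././././mcp.json',   // the form quoted on this page
  '.cursor\\mcp.json',
  '.\\.CURSOR\\.\\mcp.json',
  'src\\index.ts',
];

function report() {
  return SAMPLES.map(t => ({
    target: t,
    naive: needsApproval(t, naiveCanon),
    hardened: needsApproval(t, windowsCanon),
  }));
}

console.table(report());
```

The check does not cover NTFS alternate data streams or 8.3 short names; resolving the target through the operating system before comparing would be needed for those.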
CVE-2025-64107 is a Remote Code Execution vulnerability in Cursor Code Editor versions 1.7.52 and below. It allows attackers to overwrite files on Windows by manipulating paths with backslashes, bypassing approval mechanisms.
You are affected if you are using Cursor Code Editor version 1.7.52 or earlier on a Windows system. Upgrade to version 2.0 to resolve the vulnerability.
The recommended fix is to upgrade Cursor Code Editor to version 2.0. As a temporary workaround, restrict write access to the .cursor directory and monitor for suspicious file modifications.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation. Monitor your systems closely.
Refer to the official Cursor security advisory for detailed information and updates: [https://cursor.sh/security](https://cursor.sh/security)