Platform: vscode
Component: cursor
Fixed in: 0.45.1
CVE-2025-32018 describes an Arbitrary File Access vulnerability discovered in Cursor, a code editor powered by AI. This regression, present in versions 0.45.0 through 0.48.6, allows the Cursor Agent to potentially write to files outside the intended workspace under specific conditions. While exploitation requires deliberate prompting and is considered highly impractical in real-world scenarios, it poses a risk to sensitive data. The vulnerability is resolved in Cursor version 0.48.7.
The core impact of CVE-2025-32018 lies in the potential for unauthorized file modification. An attacker, through carefully crafted prompts, could trick the Cursor Agent into writing data to arbitrary locations within the user's workspace. While the description emphasizes the impracticality of direct exploitation, the possibility of overwriting configuration files, source code, or other critical assets exists. The blast radius is limited to the user's workspace, but the consequences of successful modification could range from minor disruptions to complete compromise of the development environment. This vulnerability highlights the risks associated with AI-powered tools and the importance of robust security controls around agent behavior.
CVE-2025-32018 was publicly disclosed on April 8, 2025. Currently, there are no known public proof-of-concept exploits available. The vulnerability's description explicitly states that exploitation is highly impractical, suggesting a low probability of active exploitation. It is not listed on the CISA KEV catalog as of this writing.
Exploit Status
EPSS: 0.22% (44th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-32018 is to upgrade to Cursor version 0.48.7 or later, which addresses the regression. In situations where immediate upgrading is not feasible, users should exercise extreme caution when interacting with the Cursor Agent, particularly when providing prompts. Limiting the scope of the workspace and restricting the Agent's access to sensitive directories can further reduce the risk. Consider implementing prompt validation and sanitization techniques to prevent malicious input. There are no specific WAF or proxy rules applicable to this vulnerability, as it stems from application logic.
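The mitigation paragraph recommends restricting the Agent's access to directories outside the workspace. The following is an added example, not Cursor's code and not taken from the advisory, of the workspace-containment check an editor agent should run before honouring a file-write request. Function names (`isInsideWorkspace`, `resolveExisting`, `guardedWrite`, `demo`) and the temporary-directory layout in `demo()` are constructed for illustration. It pairs a purely lexical check with symlink resolution of the existing part of the path, because the lexical check alone accepts a path that passes through a symlink whose target lies outside the workspace.

```typescript
import * as path from "path";
import * as fs from "fs";
import * as os from "os";

// Added example (hypothetical helper, not Cursor's code): decide whether a
// write target stays inside the workspace root before performing the write.

/** Lexical check: is `target` (absolute or workspace-relative) inside `workspaceRoot`? */
function isInsideWorkspace(workspaceRoot: string, target: string): boolean {
  const root = path.resolve(workspaceRoot);
  const resolved = path.resolve(root, target); // collapses "." and ".." segments
  const rel = path.relative(root, resolved);
  if (rel === "") return true;                 // the workspace root itself
  if (path.isAbsolute(rel)) return false;      // different drive (Windows)
  // "..", "../x" escape; a file literally named "..hidden" does not.
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

/** Resolve symlinks in the longest existing prefix of `p`, then re-append the rest. */
function resolveExisting(p: string): string {
  let existing = path.resolve(p);
  const missing: string[] = [];
  while (!fs.existsSync(existing)) {
    missing.unshift(path.basename(existing));
    const parent = path.dirname(existing);
    if (parent === existing) break;            // reached the filesystem root
    existing = parent;
  }
  return path.join(fs.realpathSync(existing), ...missing);
}

/** Write only if the physical target is inside the workspace; return whether it did. */
function guardedWrite(workspaceRoot: string, target: string, data: string): boolean {
  const realRoot = fs.realpathSync(path.resolve(workspaceRoot));
  const realTarget = resolveExisting(path.resolve(realRoot, target));
  if (!isInsideWorkspace(realRoot, realTarget)) return false;
  fs.mkdirSync(path.dirname(realTarget), { recursive: true });
  fs.writeFileSync(realTarget, data);
  return true;
}

/** Stand-alone demonstration on a constructed temporary workspace. */
function demo(): { symlinkEscapeBlocked: boolean; inWorkspaceAllowed: boolean } {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), "ws-demo-"));
  const ws = path.join(tmp, "workspace");
  const outside = path.join(tmp, "outside");
  fs.mkdirSync(ws);
  fs.mkdirSync(outside);
  // Constructed layout: a symlink inside the workspace pointing outside it.
  fs.symlinkSync(outside, path.join(ws, "link"));
  const symlinkEscapeBlocked =
    guardedWrite(ws, "link/escaped.txt", "x") === false &&
    !fs.existsSync(path.join(outside, "escaped.txt"));
  const inWorkspaceAllowed =
    guardedWrite(ws, "notes/todo.md", "hello") &&
    fs.readFileSync(path.join(ws, "notes", "todo.md"), "utf8") === "hello";
  fs.rmSync(tmp, { recursive: true, force: true });
  return { symlinkEscapeBlocked, inWorkspaceAllowed };
}
```

The check is applied to the real (symlink-resolved) path of both the workspace root and the target, so the comparison is between physical locations rather than the strings the agent supplied. `demo()` exercises the two outcomes a practitioner cares about: a write through an escaping symlink is refused and leaves no file behind, while an ordinary write inside the workspace succeeds.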
Update Cursor to version 0.48.7 or later. This version fixes the arbitrary file write vulnerability. The update can be performed through the application interface or by downloading the latest version from the official website.
CVE-2025-32018 is a HIGH severity vulnerability in Cursor versions 0.45.0 through 0.48.6 that allows unauthorized file modification within the workspace via crafted prompts.
You are affected if you are using Cursor versions 0.45.0 through 0.48.6. Upgrade to version 0.48.7 or later to resolve the issue.
Upgrade to Cursor version 0.48.7 or later. As a temporary workaround, exercise caution when using the Cursor Agent and restrict its access to sensitive files.
Currently, there are no known public exploits or confirmed active exploitation campaigns targeting CVE-2025-32018.
Refer to the official Cursor security advisory for detailed information and updates: [https://cursor.sh/security](https://cursor.sh/security)