Platform: vscode
Component: cursor
Fixed in: 1.7.1
CVE-2025-61590 is a Remote Code Execution (RCE) vulnerability affecting Cursor, a code editor built for programming with AI. This vulnerability allows attackers to execute arbitrary code through Visual Studio Code Workspaces, a feature that enables users to manage multiple folders and settings within a project. Versions 1.6 and earlier are vulnerable, and a fix is available in version 1.7.
The vulnerability stems from Cursor's handling of Visual Studio Code Workspaces. Workspaces, which use .code-workspace files, store project settings and folder configurations. An attacker could craft a malicious .code-workspace file that, when opened by a vulnerable Cursor instance, triggers the execution of arbitrary code. This could lead to complete system compromise, including data theft, malware installation, and unauthorized access to sensitive information. The attack vector is particularly concerning because users may unknowingly open malicious workspaces from untrusted sources, or because a malicious workspace may already be present in their environment.
CVE-2025-61590 was publicly disclosed on 2025-10-03. The vulnerability's exploitation context is currently unclear, but the RCE nature and the reliance on workspace files suggest a potential for targeted attacks. There are no known public proof-of-concept exploits available at this time. The EPSS score is pending evaluation.
Exploit Status
EPSS: 0.11% (30th percentile)
CISA SSVC: (no value given)
CVSS Vector: (no value given)
The primary mitigation for CVE-2025-61590 is to upgrade Cursor to version 1.7 or later, which includes the fix for this vulnerability. If upgrading is not immediately feasible, users should exercise extreme caution when opening .code-workspace files, especially those from untrusted sources. Consider temporarily disabling the automatic loading of workspaces if possible. While a WAF or proxy cannot directly mitigate this vulnerability, implementing strict file access controls and scanning for malicious .code-workspace files can provide an additional layer of defense. Regularly review and audit workspace configurations to identify and remove any suspicious entries.
Update Cursor to version 1.7 or higher. This version fixes the Remote Code Execution (RCE) vulnerability in which manipulated .code-workspace files are used for prompt injection. The update prevents exploitation of this vulnerability.
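The mitigation advice above asks for two things an administrator can script: confirm that the installed Cursor build is at or past the fixed release, and review what a .code-workspace file would apply before an unpatched editor opens it. The helper below is an added example written for this page; it is not code from the advisory or from the Cursor project. It assumes the version string is obtainable as text (for instance from the About dialog or the package metadata), that workspace files follow the JSON-with-comments syntax VS Code accepts, and that the `folders`, `settings`, `tasks`, `launch` and `extensions` top-level keys are the sections worth listing for review. It does not decide which settings are malicious; it inventories them so a reviewer can.

```python
"""Added audit helper (not part of the advisory or of the Cursor project):
checks a Cursor version string against the fixed release named on the page and
inventories what a .code-workspace file would apply when opened, so the file
can be reviewed before a still-unpatched editor loads it."""
import json
import re
from pathlib import Path

FIXED_VERSION = (1, 7)  # advisory: versions 1.6 and earlier are affected


def parse_version(text):
    """'Cursor 1.6.45' -> (1, 6, 45); raises if no digits are present."""
    nums = tuple(int(n) for n in re.findall(r"\d+", text))
    if not nums:
        raise ValueError(f"no version number found in {text!r}")
    return nums


def is_vulnerable_version(text):
    """True for 1.6.x and anything earlier; False from 1.7 onwards."""
    v = parse_version(text) + (0,)          # pad so '1' compares as (1, 0)
    return v[:2] < FIXED_VERSION


def strip_jsonc(text):
    """Remove // and /* */ comments and trailing commas, which VS Code style
    workspace files allow but json.loads rejects. String contents are left
    intact; the trailing-comma pass is a regex and would also touch a literal
    ',]' inside a string, which is acceptable for an audit tool."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep the escaped char verbatim
                out.append(text[i + 1])
                i += 2
                continue
            in_str = c != '"'
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j == -1 else j
            continue
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
            continue
        else:
            out.append(c)
        i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


# absolute, UNC or drive-letter paths, or any parent-directory traversal
NONLOCAL = re.compile(r"^(/|\\\\|[A-Za-z]:|\.\.(/|\\|$))|[/\\]\.\.([/\\]|$)")


def audit_workspace(text):
    """Summarise everything the workspace file would apply on open."""
    data = json.loads(strip_jsonc(text))
    folders = [f.get("path") or f.get("uri", "") for f in data.get("folders", [])]
    return {
        "folders": folders,
        # folders that reach outside the workspace's own directory
        "nonlocal_folders": [p for p in folders if NONLOCAL.search(p)],
        "settings_keys": sorted(data.get("settings", {})),
        "task_count": len(data.get("tasks", {}).get("tasks", [])),
        "launch_count": len(data.get("launch", {}).get("configurations", [])),
        "recommended_extensions": list(
            data.get("extensions", {}).get("recommendations", [])),
    }


def scan_directory(root):
    """Map each .code-workspace file under root to its audit summary."""
    return {str(p): audit_workspace(p.read_text(encoding="utf-8"))
            for p in Path(root).rglob("*.code-workspace")}


# Constructed sample input; not taken from any real project.
SAMPLE_WORKSPACE = """{
  // a comment and a trailing comma are both legal in this file type
  "folders": [
    { "path": "." },
    { "path": "../shared-libs" }
  ],
  "settings": {
    "editor.tabSize": 2,
    "files.exclude": { "**/.git": true },
  },
  "tasks": {
    "version": "2.0.0",
    "tasks": [ { "label": "build", "type": "shell", "command": "make" } ]
  }
}"""

if __name__ == "__main__":
    print("Cursor 1.6.45 vulnerable:", is_vulnerable_version("Cursor 1.6.45"))
    print(json.dumps(audit_workspace(SAMPLE_WORKSPACE), indent=2))
```

Run `scan_directory` over a home directory or a shared project tree to get the inventory the advisory's "regularly review and audit workspace configurations" step asks for; any workspace that pulls in folders outside its own directory, defines tasks or launch configurations, or overrides settings is the one to read by hand before opening it in a build older than 1.7.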
CVE-2025-61590 is a Remote Code Execution vulnerability in Cursor, a code editor, allowing attackers to execute code through malicious Visual Studio Code Workspaces.
You are affected if you are using Cursor version 1.6 or earlier and have .code-workspace files in your environment, especially if those files originate from untrusted sources.
Upgrade Cursor to version 1.7 or later to resolve the vulnerability. Exercise caution when opening .code-workspace files until the upgrade is complete.
There are currently no confirmed reports of active exploitation, but the RCE nature of the vulnerability warrants caution.
Refer to the Cursor project's official website and release notes for the latest advisory and security updates: [https://cursor.sh/](https://cursor.sh/)