Platform: vscode
Component: cursor
Fixed in: 1.7.1
CVE-2025-61593 describes a remote code execution (RCE) vulnerability discovered in Cursor CLI Agent, a component of the Cursor code editor. Attackers can exploit this flaw through prompt injection to modify sensitive files, potentially gaining control of the system. This vulnerability affects versions of Cursor CLI Agent up to and including 1.7, and a fix is available in version 1.7.1.
The vulnerability lies in the inadequate protection of sensitive files within the Cursor CLI Agent (specifically, */.cursor/cli.json). A malicious actor can use prompt injection to make the agent modify the contents of these files. On case-insensitive filesystems, this manipulation can lead to arbitrary code execution. The potential impact is significant: an attacker could gain full control over the system running the Cursor CLI Agent, access sensitive data, install malware, or pivot to other systems on the network. This resembles other prompt injection vulnerabilities in which injected instructions drive an agent's file-system access.
This vulnerability was publicly disclosed on October 3, 2025. As of the current date, no public proof-of-concept (PoC) exploits have been widely reported. The EPSS score is pending evaluation. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Exploit Status
EPSS: 0.12% (31st percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to immediately upgrade Cursor CLI Agent to version 1.7.1 or later, which includes the necessary fix. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the Cursor CLI Agent and its associated files. While a direct workaround is not available, implementing strict input validation and sanitization within the prompt processing logic could reduce the attack surface. After upgrading, verify the fix by attempting a prompt injection attack and confirming that the sensitive files remain protected.
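The advisory's core detail is that the sensitive file is matched by path and that case-insensitive filesystems defeat a naive, exact-match protection. The following added example (not Cursor's code, and not taken from the advisory) shows a defensive write-gate for an agent's tool calls: it canonicalizes a requested path, folds case when the target filesystem is case-insensitive, and denies writes to any path ending in `.cursor/cli.json`. The `PROTECTED_SUFFIXES` list, the `check_write_request` audit record and the `is_affected_version` helper are assumptions made for illustration; only the `*/.cursor/cli.json` path and the 1.7 / 1.7.1 version boundary come from the page.

```python
import posixpath

# Protected file locations as trailing path components. The page names
# */.cursor/cli.json; treating it as a suffix covers any parent directory.
PROTECTED_SUFFIXES = (
    (".cursor", "cli.json"),
)

# Versions up to and including 1.7 are affected; 1.7.1 carries the fix (per the advisory).
FIXED_IN = (1, 7, 1)


def normalized_components(path: str, case_insensitive: bool) -> tuple[str, ...]:
    """Split a path into components after collapsing '.', '..', doubled and
    Windows-style separators. When the filesystem ignores case, fold case so
    '.Cursor/CLI.JSON' compares equal to '.cursor/cli.json'.

    Note: a production check should also resolve symlinks (os.path.realpath)
    before comparing; this example operates on the textual path only.
    """
    norm = posixpath.normpath(path.replace("\\", "/"))
    parts = tuple(p for p in norm.split("/") if p and p != ".")
    if case_insensitive:
        parts = tuple(p.lower() for p in parts)
    return parts


def is_protected_path(path: str, case_insensitive: bool = True) -> bool:
    """True if `path` names a protected agent file. With case_insensitive=False
    the check behaves like a naive exact-match deny-list and misses
    case-variant spellings, which is the gap the advisory describes."""
    parts = normalized_components(path, case_insensitive)
    for suffix in PROTECTED_SUFFIXES:
        folded = tuple(s.lower() for s in suffix) if case_insensitive else suffix
        n = len(folded)
        if len(parts) >= n and parts[-n:] == folded:
            return True
    return False


def check_write_request(path: str, case_insensitive: bool = True) -> dict:
    """Produce an allow/deny record suitable for a tool-call audit log."""
    protected = is_protected_path(path, case_insensitive)
    return {
        "path": path,
        "decision": "deny" if protected else "allow",
        "reason": "protected agent configuration file" if protected else "not in protected set",
    }


def parse_version(version: str) -> tuple[int, ...]:
    """'1.7' -> (1, 7); '1.7.1' -> (1, 7, 1). Non-numeric parts are rejected."""
    return tuple(int(p) for p in version.strip().split("."))


def is_affected_version(version: str) -> bool:
    """True for any release older than the fixed version 1.7.1."""
    return parse_version(version) < FIXED_IN


if __name__ == "__main__":
    # Constructed sample write requests an agent might issue.
    for req in ("proj/.cursor/cli.json", "proj/.Cursor/CLI.JSON",
                "proj/.cursor/../.cursor/cli.json", "proj\\.cursor\\cli.json",
                "proj/.cursor/other.json"):
        print(check_write_request(req))
    for v in ("1.6.9", "1.7", "1.7.1", "1.8"):
        print(v, "affected" if is_affected_version(v) else "fixed")
```

The interesting comparison is `is_protected_path("proj/.Cursor/CLI.JSON", case_insensitive=False)`, which returns False: an exact-match deny-list lets the case-variant through even though, on a case-insensitive filesystem, it is the same file. Folding case on such filesystems closes that gap; resolving symlinks and rejecting paths that escape the project root are the two further checks a real gate needs.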
Update Cursor to a version later than 1.7 once it is available. The vulnerability is fixed in commit 25b418f. Watch Cursor's security advisories for the corrected release.
CVE-2025-61593 is a remote code execution vulnerability in Cursor CLI Agent versions 1.7 and below. Prompt injection allows attackers to modify sensitive files, potentially leading to full system control.
Yes, if you are using Cursor CLI Agent version 1.7 or earlier, you are affected by this vulnerability. Upgrade to 1.7.1 to mitigate the risk.
Upgrade Cursor CLI Agent to version 1.7.1 or later. This version includes a fix for the prompt injection vulnerability.
As of the current date, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly.
Refer to the official Cursor security advisory for detailed information and updates: [https://cursor.sh/security](https://cursor.sh/security)