Platform: windows
Component: cursor
Fixed in: 2.0.1
CVE-2025-64107 describes a Remote Code Execution (RCE) vulnerability affecting Cursor Code Editor versions up to 1.7.52. This flaw allows attackers to overwrite sensitive editor files without approval on Windows systems by exploiting insufficient backslash path manipulation detection. The vulnerability is fixed in version 2.0, and users are strongly advised to upgrade immediately.
The impact of this vulnerability is significant. A successful exploit allows an attacker to execute arbitrary code on the affected Windows machine. This could lead to complete system compromise, including data theft, malware installation, and lateral movement within the network. The ability to bypass the intended approval mechanism for file modifications amplifies the risk, as it allows attackers to silently inject malicious code into the editor's configuration or other critical files. This is particularly concerning given Cursor's use as a code editor, potentially allowing attackers to modify source code or project files.
This vulnerability was publicly disclosed on 2025-11-04. No public proof-of-concept (PoC) has been released at the time of writing, but the ease of exploitation (requiring only prompt injection or similar initial access) suggests a potential for rapid exploitation. The CVSS score of 8.8 (HIGH) indicates a significant risk. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.08% (24% percentile)
The primary mitigation is to upgrade Cursor Code Editor to version 2.0 or later, which addresses the vulnerability. If upgrading immediately is not feasible, consider implementing stricter file access controls on the .cursor directory to limit write access to authorized users only. Monitor file system activity within the .cursor directory for any unexpected modifications, particularly those involving backslashes. While a WAF or proxy cannot directly mitigate this vulnerability, implementing robust endpoint detection and response (EDR) solutions can help detect and respond to malicious activity resulting from a successful exploit.
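The monitoring advice above, as an added example that is not Cursor's code or part of the original advisory: a Python triage helper that resolves requested write paths with Windows semantics (`ntpath`) and flags those landing in `.cursor`, including ones that a check looking only for `/` separators would miss. The workspace path, file names, function names and the slash-only check are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

PROTECTED_DIR = ".cursor"  # directory named in the advisory text


def slash_only_hit(path):
    """Assumed weak check, for contrast: only '/' counts as a separator."""
    return PROTECTED_DIR in (seg.lower() for seg in path.split("/"))


def windows_aware_hit(workspace, path):
    """Resolve the path as Windows would, then test containment."""
    root = ntpath.normcase(ntpath.normpath(workspace))
    # normpath collapses '..' and turns '/' into '\'; normcase lowercases.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(root, path)))
    protected = ntpath.join(root, PROTECTED_DIR)
    return full == protected or full.startswith(protected + "\\")


def triage(workspace, requested_paths):
    """Label each requested write path for review."""
    results = []
    for path in requested_paths:
        if not windows_aware_hit(workspace, path):
            verdict = "ok"
        elif slash_only_hit(path):
            verdict = "protected"
        else:
            verdict = "protected-missed-by-slash-check"
        results.append((path, verdict))
    return results


# Constructed sample input: hypothetical workspace and write requests.
WORKSPACE = r"C:\work\proj"
SAMPLE_WRITES = [
    "src/main.py",
    ".cursor/example.json",
    ".cursor\\example.json",
    "src\\..\\.CURSOR\\example.json",
    ".cursor-notes.txt",
]

if __name__ == "__main__":
    for path, verdict in triage(WORKSPACE, SAMPLE_WRITES):
        print(f"{verdict:32} {path}")
```

Paths labelled `protected-missed-by-slash-check` are the ones worth alerting on when reviewing write activity under `.cursor`.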
Upgrade Cursor to version 2.0 or later. The new version fixes the backslash path manipulation vulnerability on Windows. This prevents an attacker from overwriting sensitive editor files without authorization.
CVE-2025-64107 is a Remote Code Execution vulnerability in Cursor Code Editor versions 1.7.52 and below. It allows attackers to overwrite files on Windows by manipulating paths with backslashes, bypassing approval mechanisms.
You are affected if you are using Cursor Code Editor version 1.7.52 or earlier on a Windows system. Upgrade to version 2.0 to resolve the vulnerability.
The recommended fix is to upgrade Cursor Code Editor to version 2.0. As a temporary workaround, restrict write access to the .cursor directory and monitor for suspicious file modifications.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation. Monitor your systems closely.
Refer to the official Cursor security advisory for detailed information and updates: [https://cursor.sh/security](https://cursor.sh/security)