Platform: vscode
Component: cursor
Fixed in: 1.7.1
CVE-2025-61593 describes a remote code execution (RCE) vulnerability discovered in Cursor CLI Agent, a component of the Cursor code editor. Attackers can exploit this flaw through prompt injection to modify sensitive files, potentially gaining control of the system. This vulnerability affects versions of Cursor CLI Agent up to and including 1.7, and a fix is available in version 1.7.1.
The vulnerability lies in the inadequate protection of sensitive files within the Cursor CLI Agent (specifically, */.cursor/cli.json). A malicious actor can leverage prompt injection techniques to manipulate the contents of these files. On case-insensitive filesystems, this manipulation can lead to arbitrary code execution. The potential impact is significant, as an attacker could gain full control over the system running the Cursor CLI Agent, potentially accessing sensitive data, installing malware, or pivoting to other systems on the network. This follows the pattern of other prompt injection vulnerabilities in which injected instructions reach file-system write access.
This vulnerability was publicly disclosed on October 3, 2025. As of the current date, no public proof-of-concept (PoC) exploits have been widely reported. The EPSS score is pending evaluation. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Developers and users of the Cursor code editor who are running versions 1.7 or earlier of the Cursor CLI Agent are at risk. This includes individuals using Cursor for AI-assisted coding and those who store sensitive project data within the Cursor environment. Shared hosting environments where multiple users share the same Cursor CLI Agent instance are particularly vulnerable.
• vscode / supply-chain: Examine Cursor CLI Agent configuration files (/.cursor/cli.json) for unexpected or malicious content. Use VS Code's built-in search to look for suspicious patterns or injected code.
• generic web: Monitor network traffic for unusual connections or data exfiltration attempts originating from the Cursor CLI Agent process.
• generic web: Review system logs for errors or warnings related to prompt processing or file access within the Cursor CLI Agent.
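The mechanism described above (a protected configuration file that becomes writable because the filesystem ignores case) and the first detection step (inspecting the configuration file's location for unexpected content) are illustrated by the following added example. It is not code from Cursor or from the advisory; the path `<home>/.cursor/cli.json` and the idea that the agent gates writes by comparing paths are assumptions drawn from the advisory text. The naive check compares the requested path as an exact string, the hardened check normalises both sides and case-folds when the volume is case-insensitive, and the audit helper reports differently-spelled paths that collide with the protected file.

```python
"""
Added example, not code from Cursor or from the advisory: a minimal
protected-path check shown in a naive form beside a hardened form, plus an
audit helper for the detection step.

Assumptions (not stated on the page): the protected file lives at
<home>/.cursor/cli.json, and the agent decides whether a write is allowed by
comparing the requested path against that location.
"""
from __future__ import annotations

import os
from typing import Iterable

# Relative location of the configuration file the advisory names (assumed).
PROTECTED_RELATIVE = ".cursor/cli.json"


def _canonical(path: str) -> str:
    """Collapse '.', '..' and duplicate separators. Symlinks are deliberately
    not resolved so the function stays pure; production code would also
    apply os.path.realpath() to the requested path."""
    return os.path.normpath(path)


def is_protected_naive(home: str, requested: str) -> bool:
    """Exact string match against the canonical spelling only.

    Any spelling the filesystem maps to the same file but that differs in
    case or in path segments passes this check unnoticed."""
    return requested == os.path.join(home, PROTECTED_RELATIVE)


def is_protected_hardened(home: str, requested: str, case_insensitive: bool) -> bool:
    """Normalise both sides, then case-fold when the filesystem ignores case.

    `case_insensitive` should come from probing the actual volume (see
    filesystem_ignores_case); it is a parameter here so the demo is
    deterministic on any host."""
    target = _canonical(os.path.join(home, PROTECTED_RELATIVE))
    candidate = _canonical(requested)
    if case_insensitive:
        return candidate.casefold() == target.casefold()
    return candidate == target


def filesystem_ignores_case(directory: str) -> bool:
    """Probe a directory: create a lowercase name, look it up in upper case."""
    lower = os.path.join(directory, ".case-probe")
    upper = os.path.join(directory, ".CASE-PROBE")
    with open(lower, "w"):
        pass
    try:
        return os.path.exists(upper)
    finally:
        os.remove(lower)


def find_case_variants(home: str, observed_paths: Iterable[str]) -> list[str]:
    """Audit helper for the detection step: given observed file paths (for
    example from a filesystem walk), return those that collide with the
    protected file under case-folding but are spelled differently."""
    target = _canonical(os.path.join(home, PROTECTED_RELATIVE))
    return [
        p for p in observed_paths
        if _canonical(p).casefold() == target.casefold() and _canonical(p) != target
    ]


def demo() -> dict[str, tuple[bool, bool]]:
    """Constructed inputs: three spellings of the same file under /home/alice.
    Returns (naive result, hardened result on a case-insensitive volume)."""
    home = "/home/alice"  # constructed home directory
    attempts = {
        "canonical": "/home/alice/.cursor/cli.json",
        "mixed_case": "/home/alice/.Cursor/CLI.json",
        "dot_segments": "/home/alice/projects/../.cursor/cli.json",
    }
    return {
        name: (is_protected_naive(home, p),
               is_protected_hardened(home, p, case_insensitive=True))
        for name, p in attempts.items()
    }


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:13} naive={naive!s:5} hardened={hardened}")
```

On a case-sensitive volume the hardened check intentionally returns False for the mixed-case spelling, because there it really is a different file; the case-fold is applied only where the filesystem itself would merge the two names.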
disclosure
patch
Exploit Status
EPSS: 0.12% (31st percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade Cursor CLI Agent to version 1.7.1 or later, which includes the necessary fix. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the Cursor CLI Agent and its associated files. While a direct workaround is not available, implementing strict input validation and sanitization within the prompt processing logic could reduce the attack surface. After upgrading, verify the fix by attempting a prompt injection attack and confirming that the sensitive files remain protected.
Update Cursor to a version later than 1.7 once it is available. The vulnerability is fixed in commit 25b418f. Watch Cursor's security advisories for the fixed release.
CVE-2025-61593 is a remote code execution vulnerability in Cursor CLI Agent versions 1.7 and below. Prompt injection allows attackers to modify sensitive files, potentially leading to full system control.
Yes, if you are using Cursor CLI Agent version 1.7 or earlier, you are affected by this vulnerability. Upgrade to 1.7.1 to mitigate the risk.
Upgrade Cursor CLI Agent to version 1.7.1 or later. This version includes a fix for the prompt injection vulnerability.
As of the current date, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly.
Refer to the official Cursor security advisory for detailed information and updates: [https://cursor.sh/security](https://cursor.sh/security)