CVE-2025-62354

Improper neutralization of special elements used in an OS command 'command injection' in Cursor allows an unauthorized attacker to execute commands that are outside of those specified in the allowlist, resulting in arbitrary code execution...

CVE-2025-64108 Cursor's Sensitive File Modification can Lead to NTFS Path Quirks

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected fil...

PT-2025-34759 · Cursor · Cursor

Name of the Vulnerable Software and Affected Versions: Cursor version 15.4.1 Description: The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC Transparency, Consent, and...

CVE-2025-54135

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file...

PT-2025-31702

Name of the Vulnerable Software and Affected Versions Cursor versions 1.2.4 and earlier Description Cursor is a code editor designed for AI-assisted programming. A flaw, dubbed MCPoison CVE-2025-54136, allows attackers to achieve remote and persistent code execution. This is accomplished by...