CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...