Name of the Vulnerable Software and Affected Versions:

Cursor versions (affected versions not specified)

Description:

A vulnerability, named CurXecute (CVE-2025-54135), enables prompt-injection attacks leading to remote code execution. Exploitation could lead to ransomware and data theft. The vulnerability allows attackers to run remote code by posting in a public channel, with automatic execution occurring without prompts or approval.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.