CVE-2025-54130

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 1.3.9

Description Cursor, a code editor built for programming with AI, allows writing in-workspace files without user approval in affected versions. Specifically, creating new dotfiles does not require approval, while editing existing ones does. This allows an attacker to chain an indirect prompt injection vulnerability to hijack the context and write to sensitive editor files, such as the .vscode/settings.json file, potentially triggering Remote Code Execution (RCE) on the victim's machine without user approval.

Recommendations Update to version 1.3.9 or later.