CVE-2025-61592

Name of the Vulnerable Software and Affected Versions Cursor versions 1.7 and below

Description Cursor, a code editor for programming with AI, has an issue where automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override global configurations. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The vulnerable configuration allows shell commands to be executed.

Recommendations Update to patch 2025.09.17-25b418f.