CVE-2025-64107

Name of the Vulnerable Software and Affected Versions Cursor versions 1.7.52 and below

Description Cursor, a code editor built for programming with AI, is susceptible to remote code execution (RCE) due to improper handling of path manipulation. The editor correctly detects and requires approval for path manipulation attempts using forward slashes. However, it fails to detect similar manipulation using backslashes on Windows machines. This allows an attacker with existing prompt injection or control to overwrite sensitive editor files without authorization.

Recommendations Update to version 2.0.