216.73.216.169

CVE-2025-64108

· Published 04/11/2025 23:15 · Modified 10/11/2025 18:38

Labels: CVE-2025-64108 2025-11-04CVE-2025-64108CWE-22[email protected]

Essential information

Published
04/11/2025 23:15
Modified
10/11/2025 18:38
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected files can lead to RCE. Must be chained with a prompt injection or malicious model attach. Only affects systems supporting NTFS. This issue is fixed in version 2.0.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
anysphere / cursor cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*

References