CVE-2025-54130— Cursor 授权问题漏洞

Cursor Agent is vulnerable prompt injection via Editor Special Files

Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the .vscode/settings.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

授权机制不恰当

Cursor 授权问题漏洞

Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.3.9之前版本存在授权问题漏洞，该漏洞源于允许未经用户批准写入工作区文件，可能导致远程代码执行。

N/A

N/A