CVE-2025-61592 HIGH

CVE-2025-61592: Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Vendor Cursor
Product cursor
Weakness CWE-829 · Inclusion from untrusted sphere
Published October 3, 2025
Last update October 3, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version.

Key dates

02Disclosure timeline

October 3, 2025 CVE published
October 3, 2025 Record updated