CVE-2025-59944 - Vulnerability Details - OpenCVE

Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files through prompt injection and achieve remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive fileystems. This issue is fixed in version 1.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7

History

Fri, 03 Oct 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 03 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
Description		Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files through prompt injection and achieve remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive fileystems. This issue is fixed in version 1.7.
Title		Cursor IDE: Sensitive File Overwrite Bypass is Possible
Weaknesses		CWE-178
References		https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-10-03T20:15:30.678Z

Updated: 2025-10-03T20:43:03.394Z

Reserved: 2025-09-23T14:33:49.505Z

Link: CVE-2025-59944

Vulnrichment

Updated: 2025-10-03T20:42:39.751Z

NVD

Status : Received

Published: 2025-10-03T21:15:34.913

Modified: 2025-10-03T21:15:34.913

Link: CVE-2025-59944

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-59944", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-09-23T14:33:49.505Z", "datePublished": "2025-10-03T20:15:30.678Z", "dateUpdated": "2025-10-03T20:43:03.394Z"}, "containers": {"cna": {"title": "Cursor IDE: Sensitive File Overwrite Bypass is Possible", "problemTypes": [{"descriptions": [{"cweId": "CWE-178", "lang": "en", "description": "CWE-178: Improper Handling of Case Sensitivity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7"}], "affected": [{"vendor": "cursor", "product": "cursor", "versions": [{"version": "< 1.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-10-03T20:15:30.678Z"}, "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files through prompt injection and achieve remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive fileystems. This issue is fixed in version 1.7."}], "source": {"advisory": "GHSA-xcwh-rrwj-gxc7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T20:42:37.081089Z", "id": "CVE-2025-59944", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T20:43:03.394Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59944", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-03T20:42:37.081089Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T20:42:39.751Z"}}], "cna": {"title": "Cursor IDE: Sensitive File Overwrite Bypass is Possible", "source": {"advisory": "GHSA-xcwh-rrwj-gxc7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "cursor", "product": "cursor", "versions": [{"status": "affected", "version": "< 1.7"}]}], "references": [{"url": "https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7", "name": "https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files through prompt injection and achieve remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive fileystems. This issue is fixed in version 1.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-178", "description": "CWE-178: Improper Handling of Case Sensitivity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-10-03T20:15:30.678Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59944", "state": "PUBLISHED", "dateUpdated": "2025-10-03T20:43:03.394Z", "dateReserved": "2025-09-23T14:33:49.505Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-10-03T20:15:30.678Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}