Prompt Injection Vulnerability in Cursor IDE Allows Arbitrary Command Execution

Threat: Vulnerability

Targeted Region: Global

Targeted Sector: Technology & IT

Criticality: High

EXECUTIVE SUMMARY:

A high-severity vulnerability has been identified in Cursor, the AI-powered code editor built on Visual Studio Code, which exposes users to prompt injection attacks through its integrated AI assistant, Copilot Chat. Tracked as CVE-2025-54135, the flaw arises from insecure handling of user input and AI prompts, potentially enabling attackers to execute arbitrary shell commands or exfiltrate sensitive data.

CVE-2025-54135: Assigned a high CVSS score 8.6, this vulnerability can be exploited by embedding malicious comments or prompts in project files. When such content is parsed by the AI assistant, it may be manipulated into running harmful commands, leaking files, or exposing secrets. The flaw is especially dangerous in collaborative coding environments where untrusted code is frequently opened.

This Cursor IDE flaw highlights the risks of AI-assisted development tools and emphasizes the need to apply prompt injection defenses and avoid untrusted project files.

RECOMMENDATION:

We strongly recommend you update Cursor to version 1.3 or later.

REFERENCES:

The following reports contain further technical details:

https://www.bleepingcomputer.com/news/security/ai-powered-cursor-ide-vulnerable-to-prompt-injection-attacks/

Recent Advisories

Vidar Stealer uses Memory Injection to Evade Browser Defenses and Steal Credentials

October 25, 2025

GitLab Vulnerabilities Trigger Unauthorized Access and System Disruption

October 23, 2025

Chrome V8 Engine Vulnerability Could Enable Remote Code Execution Attacks

October 22, 2025

Critical Command Injection Vulnerabilities Discovered in TP-Link Omada Gateway Devices

October 21, 2025

Prompt Injection Vulnerability in Cursor IDE Allows Arbitrary Command Execution

Recent Advisories

Report an Incident