CVE-2025-59944
Published: 03 October 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-59944 affects Cursor, an AI-powered code editor for programming, specifically versions 1.6.23 and below. The vulnerability stems from case-sensitive checks used to protect sensitive files, such as those in the .cursor directory like mcp.json. This allows attackers to bypass protections and modify these files via prompt injection attacks, particularly on case-insensitive filesystems, ultimately enabling remote code execution.
Attackers with low privileges (PR:L) can exploit this over the network (AV:N), but the attack has high complexity (AC:H), requires user interaction (UI:R), and changes scope (S:C). By injecting malicious prompts into the AI features, they can alter the contents of sensitive files, with high confidentiality, integrity, and availability impact (C:H/I:H/A:H), resulting in full remote code execution on the victim's system.
The GitHub Security Advisory at https://github.com/cursor/cursor/security/advisories/GHSA-xcwh-rrwj-gxc7 details the issue and confirms it is fixed in Cursor version 1.7, recommending users upgrade immediately to mitigate the risk.
This vulnerability highlights prompt injection risks in AI-assisted development tools, where filesystem assumptions like case sensitivity can be exploited for code execution. No real-world exploitation has been reported as of the CVE publication on 2025-10-03.
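The flaw class described in this summary, as an added example that is not Cursor's code: a case-sensitive protected-path check next to a case-folded one that fails closed. The function names and the choice to treat the whole `.cursor` directory as protected are assumptions made for illustration.

```javascript
// Added illustration. Only ".cursor" / "mcp.json" come from the page;
// every function name below is hypothetical.
const PROTECTED_DIRS = [".cursor"]; // assumption: protect the whole directory

// Split a workspace-relative path into segments, resolving "." and "..".
// Returns null when the path climbs out of the workspace root.
function segments(relPath) {
  const out = [];
  for (const part of relPath.split(/[\\\/]+/)) {
    if (part === "" || part === ".") continue;
    if (part === "..") {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(part);
    }
  }
  return out;
}

// Flawed form: exact string match. On a case-insensitive filesystem a
// differently cased name reaches the same file but does not match here.
function isProtectedCaseSensitive(relPath) {
  const segs = segments(relPath);
  if (segs === null) return true; // fail closed on workspace escapes
  return segs.some((s) => PROTECTED_DIRS.includes(s));
}

// Normalise and case-fold both sides before comparing. Applied on every
// platform, so the check never depends on detecting the filesystem type.
function fold(name) {
  return name.normalize("NFC").toLowerCase();
}

// Hardened form: a protected name matches in any segment, in any case.
// String folding approximates the filesystem's own rules; comparing the
// resolved on-disk identity of the target is the stronger check.
function isProtected(relPath) {
  const segs = segments(relPath);
  if (segs === null) return true;
  const deny = PROTECTED_DIRS.map(fold);
  return segs.some((s) => deny.includes(fold(s)));
}
```

Over-blocking a file that merely shares a folded name with a protected one is the intended trade-off: a write that matches should go to the user for approval rather than proceed silently.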
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Cursor is an AI-powered code editor designed for programming with AI assistance, fitting the Enterprise AI Assistants category as it integrates AI for developer workflows.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution via prompt injection: on case-insensitive filesystems, the injected instructions bypass the case-sensitive protections on sensitive files such as .cursor/mcp.json, directly facilitating Exploitation for Client Execution.