CVE-2025-61592

CVE-2025-61592 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) affecting Cursor, an AI-powered code editor for programming, in versions 1.7 and below. The issue stems from the Cursor CLI's automatic loading of project-specific configuration from the current working directory file .cursor/cli.json, which can override certain global configurations. This flaw, classified under CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), enables remote code execution when combined with permissive configuration settings that allow shell commands and prompt injection delivered through project-specific rules in .cursor/rules/rule.mdc or other mechanisms.

The attack requires a user to run the Cursor CLI inside a malicious repository, typically after cloning it via social engineering or other user interaction (UI:R). No privileges are needed from the attacker (PR:N), who can achieve network-accessible exploitation (AV:N) with low complexity (AC:L). Successful exploitation leads to high-impact compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary code execution on the victim's system.

The official advisory is available at https://github.com/cursor/cursor/security/advisories/GHSA-v64q-396f-7m79. Mitigation is provided via patch 2025.09.17-25b418f, released prior to the CVE publication on October 3, 2025, though no stable release version incorporates the fix as of that date.