CVE-2025-64108
Published: 04 November 2025
Description
Adversaries may modify host software binaries to establish persistent access to systems.
Security Summary
CVE-2025-64108 is a high-severity vulnerability (CVSS v3.1 score of 8.8) in Cursor, an AI-powered code editor for programming, affecting versions 1.7.44 and below. It arises from various NTFS path quirks (mapped to CWE-22: Path Traversal and CWE-94: Code Injection) that allow a prompt injection attacker to circumvent protections on sensitive files, enabling overwrites of files that normally require human approval. Modifying certain protected files can lead to remote code execution (RCE). The flaw is limited to systems supporting NTFS.
Exploitation requires chaining with a prompt injection or malicious model attachment. An attacker with low privileges (PR:L) can trigger it over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), potentially achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) through RCE.
Cursor has addressed the issue in version 2.0. Additional details are available in the GitHub security advisory at https://github.com/cursor/cursor/security/advisories/GHSA-6r98-6qcw-rxrw.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Cursor is an AI-powered code editor for programming, fitting the Enterprise AI Assistants category as it integrates AI (likely LLMs) for code assistance, and the vulnerability involves AI-specific prompt injection.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploitation relies on NTFS path quirks to bypass the application protections that require human approval before sensitive files are overwritten, which corresponds to exploitation for defense evasion (T1211). Overwriting those protected files in turn facilitates compromising host software binaries to achieve RCE (T1554).