Security Advisory

CVE-2025-64110

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-04 23:24:46

Last updated 2025-11-07 14:26:39

Assigner GitHub_M

State PUBLISHED

Description

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.

← Browse all CVEs View on cve.org ↗