Primary

Context

Cursor Code Editor Path Manipulation Vulnerability Leading to Remote Code Execution on Windows

Vulnerability

A remote code execution vulnerability has been identified in the Cursor code editor, specifically in versions through 1.7.52. The issue arises from improper detection of path manipulation using backslashes, which allowed an attacker with prompt injection or similar control to overwrite sensitive editor files on Windows without required approval. This vulnerability exploits the application's internal settings management, bypassing safeguards that are normally triggered by forward slashes.

Impact

The vulnerability could be exploited to achieve remote code execution, particularly on Windows systems, by overwriting sensitive editor files. This manipulation could potentially be combined with prompt injection or the use of a malicious model to execute arbitrary code.

Remediation

Users should update to Cursor version 2.0, where this vulnerability has been addressed.

Added: Nov 4, 2025, 11:17 PM

Updated: Nov 4, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cursor Code Editor Path Manipulation Vulnerability Leading to Remote Code Execution on Windows

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating