VYPR
Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 3, 2025

Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

CVE-2025-61592

Description

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Getcursor/Cursorllm-fuzzy2 versions
    <=1.7+ 1 more
    • (no CPE)range: <=1.7
    • (no CPE)range: <= 1.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2025-61592 · VYPR