VYPR
Unrated severityNVD Advisory· Published Nov 4, 2025· Updated Nov 7, 2025

Cursor: Authentication Bypass Possible via New Cursorignore Write

CVE-2025-64110

Description

Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Getcursor/Cursorllm-fuzzy2 versions
    <=1.7.23+ 1 more
    • (no CPE)range: <=1.7.23
    • (no CPE)range: < 2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.