CVE-2025-61590 — Cursor vulnerability

1 documents1 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 70.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Anysphere Cursor

Timeline

PublishedOct 3

Description

Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings (pretty similar to .vscode/settings.json) for the folders / project. An untitled workspace is automatically created by VS Code (untitled.code-workspace), which contains all the folders and workspace settings from the user's current session, open…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶NVDanysphere/cursor< 1.7