CNNVD-202508-282 Information

CNNVD ID

CNNVD-202508-282

Related CVE

CVE-2025-54130

• CNNVD Published: 2025-08-05

Description (Chinese)

Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.3.9之前版本存在授权问题漏洞，该漏洞源于允许未经用户批准写入工作区文件，可能导致远程代码执行。

Description (English)

Cursor is an AI code editor at Cursor Open Source. The previous version of Cursor 1.3.9 had a bug in the delegation of authority, which stemmed from allowing the writing of workspace files without user approval and could lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

授权问题

Published

2025-08-05

Last Modified

2026-02-24

References

https://github.com/cursor/cursor/security/advisories/GHSA-vqv7-vq92-x87f https://access.redhat.com/security/cve/cve-2025-54130 https://nvd.nist.gov/vuln/detail/CVE-2025-54130

Patch

https://cursor.com/downloads