CNNVD-202510-1950 Information

CNNVD ID

CNNVD-202510-1950

Related CVE

CVE-2025-36730

• CNNVD Published: 2025-10-14

Description (Chinese)

Windsurf是Windsurf公司的一款AI编程软件。 Windsurf 1.10.7版本存在安全漏洞，该漏洞源于在Write模式下使用SWE-1模型时可能创建附加到用户提示的文件名，导致Windsurf执行其指令。

Description (English)

Windsurf is an AI programming software for Windsurf. Windowsurf version 1.10.7 contains a security loophole that stems from the possibility of creating file names with user tips when using the SWE-1 model in Write mode, leading Windsurf to implement its instructions.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Windsurf

Published

2025-10-14

Last Modified

2026-02-24

References

https://www.tenable.com/security/research/tra-2025-47 https://access.redhat.com/security/cve/cve-2025-36730