CNNVD-202510-457 Information

CNNVD ID

CNNVD-202510-457

Related CVE

CVE-2025-61590

• CNNVD Published: 2025-10-03

Description (Chinese)

Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.6及之前版本存在代码注入漏洞，该漏洞源于攻击者可通过Visual Studio Code Workspaces修改工作区设置，可能导致远程代码执行。

Description (English)

Cursor is an AI code editor at Cursor Open Source. Cursor 1.6 and previous versions had a code-infusion loophole, which stemmed from the fact that the assailant could modify the working-space settings through Visual Studio Code Works, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

Cursor

Published

2025-10-03

Last Modified

2026-02-24

References

https://github.com/cursor/cursor/security/advisories/GHSA-xg6w-rmh5-r77r

Patch

https://cursor.com/download