Logic Bug in Cursor Code Editor Allows Unauthorized File Access
CVE-2025-64110
What is CVE-2025-64110?
CVE-2025-64110 is a vulnerability discovered in the Cursor code editor, which is designed primarily for programming with the assistance of artificial intelligence. This particular issue pertains to versions 1.7.23 and earlier, where a logic bug allows unauthorized access to sensitive files. The flaw arises when an attacker, having previously executed a prompt injection or utilized a malicious AI model, is able to create a new cursorignore file that overrides existing configurations meant to protect certain files. Consequently, this vulnerability enables an unauthorized agent to access files that should be safeguarded, posing significant risks to the integrity and confidentiality of an organization's data.
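A defender-side check for the condition described above, as an added example that is not Cursor's own code: it records which cursorignore files exist in a workspace before an agent session and reports any that were added, modified or removed afterwards. The on-disk name `.cursorignore` and the function names `snapshot` and `drift` are assumptions of this example.

```python
import hashlib
import os
import tempfile

IGNORE_NAME = ".cursorignore"  # assumed on-disk name of the page's "cursorignore file"


def snapshot(root):
    """Map each ignore file's path (relative to root) to the SHA-256 of its content."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        if IGNORE_NAME in filenames:
            path = os.path.join(dirpath, IGNORE_NAME)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            found[os.path.relpath(path, root)] = digest
    return found


def drift(baseline, current):
    """Return sorted (change, path) pairs; 'added' is the case the advisory describes."""
    changes = []
    for path in current:
        if path not in baseline:
            changes.append(("added", path))
        elif current[path] != baseline[path]:
            changes.append(("modified", path))
    for path in baseline:
        if path not in current:
            changes.append(("removed", path))
    return sorted(changes)


if __name__ == "__main__":
    # Constructed workspace: one reviewed ignore file, then a second one appears.
    with tempfile.TemporaryDirectory() as ws:
        with open(os.path.join(ws, IGNORE_NAME), "w") as fh:
            fh.write(".env\nsecrets/\n")
        baseline = snapshot(ws)  # taken before the agent session
        os.mkdir(os.path.join(ws, "src"))
        with open(os.path.join(ws, "src", IGNORE_NAME), "w") as fh:
            fh.write("# constructed sample content\n")
        for change, path in drift(baseline, snapshot(ws)):
            print(change, path)
```

Any `added` or `modified` entry that was not made by a reviewed commit is worth inspecting before the agent is given further access to the workspace.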
Potential impact of CVE-2025-64110
- Unauthorized File Access: The most immediate threat posed by this vulnerability is the ability of malicious actors to read sensitive files that should remain protected. This could include confidential business documents, source code, or any information deemed critical to the organization's operations.
- Data Breach Risk: With the ability to access sensitive information, there is a heightened risk of data breaches. This could lead to the exposure of proprietary data or personal information of employees and clients, resulting in legal repercussions and loss of trust among stakeholders.
- Compromised System Integrity: This vulnerability may be a stepping stone for further exploits, potentially allowing attackers to gain deeper control over affected systems. Such compromises could facilitate additional malicious activities, including the deployment of malware or ransomware within the organization's network.
Affected Version(s)
cursor < 2.0
