Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

AI-powered Cursor IDE vulnerable to prompt-injection attacks

NO LOC, AUG 01 – A high-severity flaw in Cursor AI editor allowed remote code execution via prompt injection; patched in version 1.3 after private disclosure, with a CVSS score of 8.6, researchers said.

Summary by BleepingComputer
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges.

5 Articles

CyberScoopCyberScoop
Center

Cursor’s AI coding agent morphed ‘into local shell’ with one-line prompt attack

Threat researchers at AimLabs on Friday disclosed a data-poisoning attack affecting the AI-powered code editing software Cursor that would have given an attacker remote code execution privileges over user devices. According to AimLabs, the flaw was reported to Cursor on July 7 and a patch was included in an update one day later for version 1.3 of Cursor. All previous versions of the software remain “susceptible to remote-code execution triggered…

Read Full Article
BleepingComputerBleepingComputer
Center

AI-powered Cursor IDE vulnerable to prompt-injection attacks

A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges.

Read Full Article
WebProNewsWebProNews

Cursor AI Editor Flaw Enabled Prompt Injection Attacks, Now Patched

In the rapidly evolving world of AI-assisted software development, a recent security vulnerability in the popular Cursor AI code editor has underscored the precarious balance between innovation and risk. The flaw, which allowed attackers to execute arbitrary commands on users’ machines through prompt injection techniques, was patched in the editor’s version 1.3 update. This incident highlights how AI tools, designed to streamline coding workflow…

Read Full Article
cybernoz.comcybernoz.com

Cursor AI Code Editor Fixed Flaw Allowing Attackers To Run Commands Via Prompt Injection - Cybernoz - Cybersecurity News

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak. “Cursor runs with developer‑level privileges, and w…

Read Full Article
The Hacker NewsThe Hacker News

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Friday, August 1, 2025.
Sources are mostly out of (0)

Similar News Topics

Innovation icon

Innovation

Artificial Intelligence icon

Artificial Intelligence

News
For You
SearchBlindspotLocal