AI description
CVE-2025-54110 is a vulnerability in the Windows Kernel. Disclosed on September 9, 2025, it is characterized by an integer overflow or wraparound, which could allow an authorized attacker with local access to elevate their privileges on a vulnerable Windows system. The vulnerability exists because the Windows Kernel performs a calculation that can result in an integer overflow or wraparound. This occurs when the logic assumes that the resulting value will always be larger than the original value, but the integer value is incremented to a value too large to store in the associated representation, potentially leading to unexpected behavior.
- Description: Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: cursor
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- security-advisories@github.com
- CWE-284
- Hype score
- Not currently trending
CVE-2025-64110 (CVSS:8.7, HIGH) is Analyzed. Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agen..https://t.co/6v5BMNWcdJ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
10 Nov 2025
CVE-2025-64110 Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be prote… https://t.co/0FqhlY2CZk
@CVEnew
4 Nov 2025
Since CVEs are trending (not for good reasons :) ) I just got my first CVE, in @cursor_ai -> CVE-2025-64110 The bug exploited a flaw where an attacker could bypass the existing cursorignore security rules simply by instructing the agent to create a new cursorignore file. h
@p1njc70r
3 Nov 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "630DF821-F0CF-4B9C-BC9F-EB7B9FD9E4C3",
            "versionEndExcluding": "2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]