Security Flaw in Cursor AI Code Editor Allows Covert Code Execution through Malicious Repositories

Sep 12, 2025
AI Security / Vulnerability

A newly identified security vulnerability in the AI-driven code editor, Cursor, may lead to unauthorized code execution when users open compromised repositories. The issue arises from the default disabling of an essential security feature, which permits attackers to execute arbitrary code on a user’s system with their privileges. According to an analysis by Oasis Security, “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project. A malicious .vscode/tasks.json sneaks a casual ‘open folder’ into silent code execution within the user’s context.” Cursor, an AI-enhanced adaptation of Visual Studio Code, includes the Workspace Trust feature designed to help developers navigate and edit code safely, regardless of its origin or authorship.

Security Flaw in Cursor AI Code Editor Enables Silent Code Execution from Malicious Repositories

A recent vulnerability has been uncovered in the AI-powered code editor Cursor, which poses significant risks for developers. This flaw allows for unauthorized code execution when users open a maliciously designed repository within the application. The root of the issue lies in the software’s default security configuration, which disables a critical setting that is intended to safeguard against such threats.

The problem centers on the Workspace Trust feature, which Cursor inherits from Visual Studio Code, the widely used editor it is built on. Oasis Security’s analysis revealed that Cursor ships with this feature turned off by default. Consequently, when developers open a project, tasks configured with the runOptions.runOn: ‘folderOpen’ setting execute automatically, granting potential attackers the ability to run arbitrary code with the same privileges as the user.

This silent execution means that an unsuspecting developer could inadvertently transform a simple folder-opening action into a serious security breach. A manipulated .vscode/tasks.json file can trigger malicious code, potentially leading to loss of sensitive data or unauthorized access to a user’s system.

The implications of this vulnerability are particularly concerning for the programming community, especially for professionals collaborating on projects in shared environments. Given that Cursor is designed for ease of use and rapid development, the lack of stringent security measures raises questions about the practices of both the software developers and its users. The incident highlights the need for individuals and organizations to remain vigilant about the settings and configurations of their development tools.

In terms of potential attack methods, the MITRE ATT&CK framework offers a way to describe the tactics and techniques that could be exploited. Initial access could be gained through the execution of harmful scripts embedded in the malicious repository. This could in turn lead to persistence, with the attacker maintaining a foothold on the system. Because the code executes with the user’s own privileges, privilege escalation may also be a concern.

As organizations and developers increasingly rely on AI-driven tools like Cursor, the importance of understanding security configurations cannot be overstated. User awareness and best practices, such as enabling Workspace Trust or reviewing a repository’s task files before opening it in the editor, will be critical in mitigating risks associated with such vulnerabilities.
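The two mitigations above, enabling Workspace Trust and reviewing task files before opening a repository, can be turned into a small audit check. The script below is an added example written for this page; it is not code from Oasis Security, Cursor or the article. It assumes the standard VS Code tasks.json layout (a top-level "tasks" array whose entries may carry runOptions.runOn), and it treats security.workspace.trust.enabled, the VS Code settings key for Workspace Trust, as the key Cursor honours as well; the article does not name the setting, so that is an assumption of the example. The embedded tasks.json is constructed for the example.

```python
"""Audit helper: flag VS Code-style tasks that auto-run on folder open.

Added example, not code from the article, Oasis Security or Cursor.
Assumes the standard tasks.json layout: a top-level "tasks" array whose
entries may carry runOptions.runOn == "folderOpen".
"""
import json
import os
import re
from typing import Dict, List, Optional

AUTO_RUN = "folderOpen"

# VS Code's documented key for Workspace Trust. That Cursor reads the same
# key is an assumption of this example; the article does not name the setting.
TRUST_KEY = "security.workspace.trust.enabled"
HARDENED_SETTINGS = {TRUST_KEY: True}


def strip_jsonc(text: str) -> str:
    """tasks.json/settings.json are JSON-with-comments. Remove // and /* */
    comments outside of strings, then drop trailing commas so json.loads
    accepts the result. The trailing-comma pass is a simple regex and would
    also touch a ',}' sequence inside a string value, which is rare in task
    files but worth knowing about."""
    out: List[str] = []
    i, n = 0, len(text)
    in_str = False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep escaped char verbatim
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def find_auto_run_tasks(tasks_json_text: str) -> List[Dict[str, str]]:
    """Return every task whose runOptions.runOn is 'folderOpen', i.e. the
    tasks that would start the moment the folder is opened when Workspace
    Trust is off."""
    data = json.loads(strip_jsonc(tasks_json_text))
    findings = []
    for task in data.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == AUTO_RUN:
            findings.append({
                "label": task.get("label", "<unnamed>"),
                "type": task.get("type", ""),
                "command": task.get("command", ""),
            })
    return findings


def workspace_trust_setting(settings_json_text: str) -> Optional[bool]:
    """Explicit value of the Workspace Trust key in a settings.json, or None
    when the file does not set it (the editor's built-in default applies)."""
    data = json.loads(strip_jsonc(settings_json_text))
    value = data.get(TRUST_KEY)
    return value if isinstance(value, bool) else None


def scan_repo(root: str) -> Dict[str, List[Dict[str, str]]]:
    """Walk a checkout and report every .vscode/tasks.json with auto-run
    tasks (nested .vscode folders included). Unparseable files are reported
    too, since a file that cannot be reviewed should not be trusted."""
    results: Dict[str, List[Dict[str, str]]] = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in files:
            path = os.path.join(dirpath, "tasks.json")
            try:
                with open(path, encoding="utf-8") as fh:
                    hits = find_auto_run_tasks(fh.read())
            except (OSError, ValueError) as exc:
                hits = [{"label": "<unparseable>", "type": "", "command": str(exc)}]
            if hits:
                results[path] = hits
    return results


# Constructed sample: one ordinary build task and one task set to auto-run.
SAMPLE_TASKS_JSON = r'''{
    // constructed sample for the example
    "version": "2.0.0",
    "tasks": [
        { "label": "build", "type": "shell", "command": "make", },
        {
            "label": "update-deps",
            "type": "shell",
            "command": "echo hello",
            "runOptions": { "runOn": "folderOpen" }, /* fires on open */
        }
    ]
}'''


if __name__ == "__main__":
    print("sample findings:", find_auto_run_tasks(SAMPLE_TASKS_JSON))
    print("repo findings:", scan_repo("."))
    print("hardened settings.json fragment:", json.dumps(HARDENED_SETTINGS))
```

Run it from the top of a freshly cloned repository before opening that repository in the editor; any task it lists deserves a read of the command and args before the folder is opened. Auditing the task file does not replace turning Workspace Trust on, since a checked file can change on the next pull.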

The recent discovery serves as a crucial reminder for the tech-savvy professional community to prioritize security in every aspect of software development. The potential consequences of unaddressed vulnerabilities extend beyond individual users to the broader ecosystem of tech innovation, underscoring the critical need for rigorous attention to cybersecurity measures.
