Aim Security, a cybersecurity company, discovered the CurXecute vulnerability (CVE-2025-54135) in Cursor, which allowed prompt injection via Slack messages to rewrite configuration and execute commands. The vulnerability was fixed in Cursor 1.3.
Aim Security, a cybersecurity company, discovered the CurXecute vulnerability (CVE-2025-54135) in Cursor, which allowed prompt injection via Slack messages to rewrite configuration and execute commands. The vulnerability was fixed in Cursor 1.3.