CyberSecurityBoardThreat Intel · CVEs · Products
Cyber Companies

Aim Security Discovered CurXecute Vulnerability in Cursor

June 25, 2026

Aim Security, a cybersecurity company, discovered the CurXecute vulnerability (CVE-2025-54135) in Cursor, which allowed prompt injection via Slack messages to rewrite configuration and execute commands. The vulnerability was fixed in Cursor 1.3.