critical
CVE-2025-59944
Published 2025-10-03
Cursor sensitive-file protection bypass
Affected Cursor releases used case-sensitive checks around sensitive files, enabling a prompt-injection path to modify protected configuration on case-insensitive filesystems.
Affected
Cursor 1.6.23 and earlier.
Action
Update to Cursor 1.7 or later and review repository-controlled AI configuration before trust is granted.
