A critical command injection vulnerability, identified as CVE-2025-62354, has been discovered in multiple Cursor products. This flaw allows an unauthorized attacker to bypass security controls and execute arbitrary commands on an affected system, which can lead to a full system compromise, data theft, and operational disruption.

This vulnerability is a command injection flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The affected software fails to properly sanitize user-supplied input before passing it to a system shell command. An unauthorized attacker can craft input containing special shell metacharacters (e.g., ;, |, &&, $(command)) to bypass an intended command allowlist. When the application processes this malicious input, the operating system's command interpreter executes the attacker's injected commands with the same privileges as the running application, resulting in arbitrary code execution.

This vulnerability is rated as critical with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected system. The potential business impact includes theft of sensitive corporate or customer data, deployment of ransomware or other malware, disruption of critical business services, and unauthorized access to the internal network. A compromise of this nature could result in significant financial loss, reputational damage, and regulatory penalties.

Immediate Action: Update affected Cursor products to the latest version as recommended by the vendor. After patching, monitor systems for any signs of exploitation and review historical access and application logs for suspicious activity that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for signs of compromise. This includes looking for unusual child processes spawned by the Cursor application, unexpected outbound network connections from the host system, and command-line logs containing shell metacharacters. Monitor endpoint detection and response (EDR) solutions for alerts related to suspicious process execution chains originating from the affected software.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rulesets designed to detect and block command injection attack patterns.
• Apply the principle of least privilege by ensuring the application runs with the minimum permissions necessary for its operation.
• Implement strict egress filtering to block unexpected outbound network connections from the server, which can prevent communication with attacker-controlled infrastructure.

Public Exploit Available: false

This vulnerability presents a critical and immediate risk to the organization. Due to the high potential for a complete system compromise, the highest priority must be given to patching all affected systems. We strongly recommend that all system owners identify and update vulnerable instances of Cursor products without delay. If patching is not immediately possible, the compensating controls outlined above must be implemented as a temporary measure to reduce the attack surface.