Information disclosure in Anysphere Cursor

CVE-2025-61589

Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive in…

Vulnerability class: Information Disclosure

EPSS: 0.003 (19.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-61589?
CVE-2025-61589 is a medium-severity vulnerability in Anysphere Cursor, classified under Information Disclosure. CVSS score: 5.9/10. Published 2025-10-03.
How severe is CVE-2025-61589?
Medium severity. CVSS v3 base score is 5.9 out of 10.