THREAT OPS › Threat News › Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)
<a id="top_ref"></a>
<p>Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed.</p> <p><a href="https://embracethered.com/blog/images/2025/episode4-yt.png"><img alt="Cursor Data Exfiltration" src="https://embracethered.com/blog/images/2025/episode4-yt.png" /></a></p> <p>When using Cursor I n
Indicators of compromise
- CVE-2025-54132cve