THREATOPS
THREAT OPSThreat News › Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)

Cursor IDE: Arbitrary Data Exfiltration Via Mermaid (CVE-2025-54132)

lowembracetheredPublished 2025-08-04

<a id="top_ref"></a>

<p>Cursor is a popular AI code editor. In this post I want to share how I found an interesting data exfiltration issue, the demo exploits built and how it got fixed.</p> <p><a href="https://embracethered.com/blog/images/2025/episode4-yt.png"><img alt="Cursor Data Exfiltration" src="https://embracethered.com/blog/images/2025/episode4-yt.png" /></a></p> <p>When using Cursor I n

Indicators of compromise

Original source: https://embracethered.com/blog/posts/2025/cursor-data-exfiltration-with-mermaid/