Cybersecurity experts have revealed a recently-fixed, critical security vulnerability in Cursor, a well-known artificial intelligence (AI) code editor, that could lead to remote code execution.
The weakness, identified as CVE-2025-54135 (CVSS rating: 8.6), has been resolved in version 1.3 launched on July 29, 2025. Aim Labs, which previously uncovered EchoLeak, has dubbed it CurXecute.