{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54132", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-16T23:53:40.510Z", "datePublished": "2025-08-01T23:05:17.187Z", "dateUpdated": "2025-08-04T17:17:40.695Z"}, "containers": {"cna": {"title": "Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/cursor/cursor/security/advisories/GHSA-43wj-mwcc-x93p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cursor/cursor/security/advisories/GHSA-43wj-mwcc-x93p"}], "affected": [{"vendor": "cursor", "product": "cursor", "versions": [{"version": "< 1.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-01T23:05:17.187Z"}, "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3."}], "source": {"advisory": "GHSA-43wj-mwcc-x93p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-04T17:17:22.559989Z", "id": "CVE-2025-54132", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T17:17:40.695Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54132", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-04T17:17:22.559989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T17:17:25.789Z"}}], "cna": {"title": "Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch", "source": {"advisory": "GHSA-43wj-mwcc-x93p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "cursor", "product": "cursor", "versions": [{"status": "affected", "version": "< 1.3"}]}], "references": [{"url": "https://github.com/cursor/cursor/security/advisories/GHSA-43wj-mwcc-x93p", "name": "https://github.com/cursor/cursor/security/advisories/GHSA-43wj-mwcc-x93p", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-01T23:05:17.187Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54132", "state": "PUBLISHED", "dateUpdated": "2025-08-04T17:17:40.695Z", "dateReserved": "2025-07-16T23:53:40.510Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-01T23:05:17.187Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CC3BD06-C788-4AE8-80B9-8CF608AB5F5F", "versionEndExcluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3."}, {"lang": "es", "value": "Cursor es un editor de c\u00f3digo creado para programar con IA. En versiones anteriores a la 1.3, Mermaid (utilizado para renderizar diagramas) permite incrustar im\u00e1genes que Cursor renderiza en el cuadro de chat. Un atacante puede usar esto para exfiltrar informaci\u00f3n confidencial a un servidor externo controlado por un atacante mediante la obtenci\u00f3n de una imagen tras realizar con \u00e9xito una inyecci\u00f3n de aviso. Un modelo malicioso (o alucinaci\u00f3n/puerta trasera) tambi\u00e9n podr\u00eda activar este exploit a voluntad. Este problema requiere la inyecci\u00f3n de aviso desde datos maliciosos (web, subida de im\u00e1genes, c\u00f3digo fuente) para explotarlo. En ese caso, puede enviar informaci\u00f3n confidencial a un servidor externo controlado por el atacante. Esto se solucion\u00f3 en la versi\u00f3n 1.3."}], "id": "CVE-2025-54132", "lastModified": "2025-08-25T01:48:43.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-01T23:15:24.753", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/cursor/cursor/security/advisories/GHSA-43wj-mwcc-x93p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"created": "2025-08-04T08:15:52.133223+00:00", "updated": "2025-08-04T08:15:52.133274+00:00", "vendors": ["cursor", "cursor$PRODUCT$cursor"]}