CVE Number: CVE-2025-62354

Summary:
- The 'Follow Allowlist' setting in Cursor's autorun mode has a bypass in its logic, allowing attackers to execute non-whitelisted commands.

Products Impacted: Cursor v1.3.4 up to but not including v2.0.

CVSS Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CWE Categorization: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Details:
- Cursor's allowlist enforcement can be bypassed using brace expansion with zsh or bash. For example, a flaw in parsing logic allowed commands like to execute without user confirmation.

Timeline:
- July 29, 2025: Vendor disclosure and discussion over email
- August 12, 2025: Follow up email sent to vendor
- August 18, 2025: Discussion on reproducing the issue
- September 24, 2025: Vendor still working on a fix
- November 4, 2025: Follow up email sent to vendor
- November 5, 2025: Fix confirmed
- November 26, 2025: Public disclosure

Quote from Vendor: "The allowlist is best-effort, not a security boundary and determined agents or prompt injection might bypass it."

Project URL: https://cursor.com/home
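The Details section describes an allowlist that inspects the command string while the shell rewrites that string (brace expansion, substitution, chaining) before anything runs. The following added example, written here for illustration and not Cursor's own code, contrasts a first-word allowlist check with a hardened check that only accepts commands which can be executed as a plain argv without a shell; the allowlist entries and sample commands are constructed.

```python
import re
import shlex

# Constructed allowlist of program names (assumption: the real setting's
# format is not on the page; only the matching logic matters here).
ALLOWLIST = {"git", "ls", "npm"}

# Syntax a POSIX shell interprets before the program runs: brace expansion,
# parameter/command substitution, globbing, redirection and command
# separators. If any of it survives into a token, the first word of the
# string is not a reliable guide to what will actually execute.
SHELL_SPECIAL = re.compile(r"[{}$`|;&<>*?()\\]|\n")


def naive_allowed(cmd: str) -> bool:
    """Weak check: approve if the first whitespace-separated word is
    allowlisted. It reasons about the string, not about what the shell
    will turn the string into."""
    stripped = cmd.strip()
    if not stripped:
        return False
    return stripped.split(maxsplit=1)[0] in ALLOWLIST


def hardened_allowed(cmd: str) -> bool:
    """Approve only if the command needs no shell at all:
    - it tokenizes cleanly under POSIX quoting rules,
    - no token carries shell-interpreted syntax (so no brace expansion,
      substitution, chaining or redirection can occur),
    - the program name itself is allowlisted.
    The executor must then run argv directly (e.g. subprocess.run(argv)
    with shell=False), never re-join it into a shell string."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return False
    if not argv:
        return False
    if any(SHELL_SPECIAL.search(tok) for tok in argv):
        return False
    return argv[0] in ALLOWLIST
```

The hardened check is deliberately conservative: a quoted brace in an argument is also refused, which costs a prompt for confirmation rather than an unconfirmed execution.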