# Cursor Autorun Flaw Lets Repositories Execute Code Without Consent

Published 2025-09-10 · Author: henry · https://ft365.org/index.php/2025/09/10/cursor-autorun-flaw-lets-repositories-execute-code-without-consent/

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, even without a developer’s consent.

The issue stems from the extension’s “autorun” feature, which launches commands tied to workspace events, such as opening a project.

Researchers at Oasis Security found that malicious actors could craft repositories that exploit this functionality. By embedding hidden instructions, attackers can trigger unauthorized code execution the moment a user opens the repository in Visual Studio Code with Cursor installed.

## Supply Chain Risks Exposed

The discovery highlights how supply chain threats are evolving beyond dependency hijacking. Instead of waiting for a developer to run scripts or install packages, adversaries can now weaponize something as routine as opening a folder.

“The Oasis Security team’s findings highlight a serious but often overlooked risk: the silent execution of malicious code through development environments,” said Heath Renfrow, CISO at Fenix24.

Randolph Barr, CISO at Cequence Security, added: “I think this highlights a theme we’ve seen many times before – when products hit hypergrowth adoption (especially during COVID), ‘secure by default’ often gets sacrificed for speed. Cursor is going through the same rapid iteration cycles we saw with other tools back then, and unfortunately, it means repeating mistakes that more mature companies have already learned from.”

*Read more on software supply chain security: GhostAction Supply Chain Attack Compromises 3000+ Secrets*

The potential consequences are significant. Malicious repositories could be used to:

- Steal authentication tokens or API keys
- Alter local project files
- Plant persistent malware within the development environment

Renfrow noted that with Workspace Trust disabled by default in Cursor, “this vulnerability effectively turns a simple ‘open folder’ action into a potential full compromise of a developer’s machine.”

He warned that developer laptops often contain cloud API keys, SaaS sessions and CI/CD credentials that attackers can exploit.

Barr also emphasized the growing focus on Cursor.

“What stands out here is that Cursor has already been a target – CurXecute and MCPoison were both identified this year (2025), along with at least two other Cursor-related vulnerabilities in the same timeframe,” he said.

“Add in malicious npm packages that specifically targeted Cursor’s macOS users, and it’s clear this editor is firmly in the sights of bad actors.”

## Industry Experts Weigh In

Trey Ford, chief strategy and trust officer at Bugcrowd, called the flaw “an old-world vulnerability pattern that reminds me of the autorun.inf needing to be blocked when inserting a CD-ROM, DVD or removable drive from twenty-plus years ago.”

He added that Cursor is now being compared to Microsoft’s Visual Studio.

“This is a cause for a high-five and a reckoning to further harden and expand enterprise security capabilities,” Ford added.

The report underscores a broader problem: developer tools are now part of the attack surface.

“This finding is a reminder that development tools are part of the attack surface and require the same level of hardening as production infrastructure,” Renfrow concluded.