The latest versions of the popular AI coding environments Cursor and Windsurf expose an estimated 1.8 million developers to over 94 known and patched security vulnerabilities in the underlying Chromium browser and V8 JavaScript engine.
The Underlying Flaw
According to researchers at Ox Security, both integrated development environments (IDEs) are forked from Visual Studio Code and rely on an outdated version of the Electron framework. Because Electron bundles a specific build of the Chromium browser and Google's V8 engine to render web content, these IDEs ship with significantly outdated, unpatched components.
Since the IDE vendors have not upgraded the embedded Chromium and V8 components, developers are exposed to dozens of flaws that have already been fixed in newer releases. Ox Security demonstrated the severity by weaponizing one of these flaws, an integer overflow vulnerability in the V8 engine tracked as CVE-2025-7656.
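A practical way to spot this exposure from the defender's side is to check which Chromium build an Electron app actually embeds: Electron's default user agent advertises both the Chromium and Electron versions, so a UA string captured from an egress proxy or the IDE's own network requests is enough. The script below is an added example, not Ox Security's code; the UA string and the required Chromium build are constructed placeholders, and the real minimum must be taken from the advisory for the CVE being assessed.

```python
import re

# Electron's default user agent carries two tokens we care about, e.g.
# "... Chrome/120.0.6099.291 Electron/28.3.3 Safari/537.36".
_TOKEN = re.compile(r"\b(Chrome|Electron)/(\d+(?:\.\d+)*)")


def parse_versions(text: str) -> dict:
    """Return {'Chrome': (120, 0, 6099, 291), 'Electron': (28, 3, 3)} for text
    containing those tokens; keeps the first occurrence of each."""
    found = {}
    for name, ver in _TOKEN.findall(text):
        found.setdefault(name, tuple(int(p) for p in ver.split(".")))
    return found


def is_older(found: tuple, minimum: tuple) -> bool:
    """Numeric dotted-version compare; missing trailing components count as 0,
    so (138, 1) is not older than (138, 0, 7204, 157)."""
    width = max(len(found), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(minimum)


def assess(text: str, min_chromium: str) -> dict:
    """Report the embedded Chromium/Electron versions and whether Chromium is
    below the first build that contains the fix; 'exposed' is None when the
    text carries no Chrome token at all."""
    found = parse_versions(text)
    chrome = found.get("Chrome")
    if chrome is None:
        return {"chromium": None, "electron": found.get("Electron"), "exposed": None}
    minimum = tuple(int(p) for p in min_chromium.split("."))
    return {"chromium": chrome, "electron": found.get("Electron"),
            "exposed": is_older(chrome, minimum)}


# Constructed sample input: a UA string in the shape an Electron-based IDE sends.
SAMPLE_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "SomeIDE/0.0.0 Chrome/120.0.6099.291 Electron/28.3.3 Safari/537.36")
# Placeholder, NOT the real fixed build for CVE-2025-7656: take it from the advisory.
REQUIRED_CHROMIUM = "138.0.7204.157"

if __name__ == "__main__":
    print(assess(SAMPLE_UA, REQUIRED_CHROMIUM))
```

Run it over a day of proxy logs and every IDE build whose Chromium token is below the advisory's fixed version is a host that still carries the upstream-patched bugs.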
Exploitation Potential
Ox Security showed that the vulnerability can be triggered via a deeplink. The link launches Cursor and instructs its internal browser to visit a remote URL hosting an exploit payload. The exploit code causes a denial-of-service condition, crashing the IDE. More concerningly, the researchers noted that the flaw has the potential for remote code execution (RCE) in real-world attacks.
Attackers have numerous vectors to exploit this vulnerability, including:
- Malicious extensions
- Poisoned repositories containing malicious code in README files that are previewed in the IDE
- Injecting exploit code into documentation and tutorials
The researchers noted that the exploit does not work on the official, regularly updated Visual Studio Code, which maintains security patches.
Vendors Dismiss Risk
Despite responsible disclosure in mid-October, the risk remains. Ox Security reported that Cursor dismissed the report, labeling the denial-of-service proof of concept as "out of scope." Windsurf has not yet responded to the findings. Ox Security warns that this stance ignores the more severe RCE potential and the large attack surface presented by the more than 94 known, unpatched CVEs in the Electron-based apps.