Main Vulnerability Database Exploits ID:12027 - Exploit for Improper Neutralization of Special Elements in Output Used by a Downstream Component in Windsurf - CVE-2025-36730

ID:12027 - Exploit for Improper Neutralization of Special Elements in Output Used by a Downstream Component in Windsurf - CVE-2025-36730

Published: October 23, 2025

Vulnerability identifier: #VU117619

Vulnerability risk: Low

CVE-ID: CVE-2025-36730

CWE-ID: CWE-74

Exploitation vector: Remote access

Vulnerable software:
Windsurf

Link to public exploit:

https://www.tenable.com/security/research/tra-2025-47/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the prompt injection within filename. A remote attacker can create a file name that will be appended to the user prompt and cause Windsurf to follow its instructions.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:12027 - Exploit for Improper Neutralization of Special Elements in Output Used by a Downstream Component in Windsurf - CVE-2025-36730

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human