Main Vulnerability Database Vulnerabilities #VU117619

#VU117619 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Windsurf - CVE-2025-36730

Published: October 23, 2025

Vulnerability identifier: #VU117619

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2025-36730

CWE-ID: CWE-74

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Windsurf

Software vendor:
Cognition

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the prompt injection within filename. A remote attacker can create a file name that will be appended to the user prompt and cause Windsurf to follow its instructions.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.tenable.com/security/research/tra-2025-47

#VU117619 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Windsurf - CVE-2025-36730

Description

Remediation

External links

Please verify you're human