CVE-2025-62353_CVE-2025-62353

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection.

Basic Information

ID CVE-2025-62353

Source HiddenLayer

Published Oct 17, 2025 at 15:27

Modified Oct 17, 2025 at 15:51

Affected Product

Vendor Windsurf

Product Windsurf

Version *

Affected Versions Windsurf Windsurf *

CWE Classification

CWE-22

References

hiddenlayer.com /sai_security_advisor/2025-10-windsurf/

{
    "lastseen": "",
    "description": "A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user\u2019s system. The vulnerability can be reached directly and through indirect prompt injection.",
    "published": "2025-10-17T15:27:59.005Z",
    "modified": "2025-10-17T15:51:17.309Z",
    "type": "cve",
    "title": "CVE-2025-62353",
    "source": "HiddenLayer",
    "references": "https://hiddenlayer.com/sai_security_advisor/2025-10-windsurf/",
    "id": "CVE-2025-62353",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Windsurf Windsurf *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Windsurf",
    "version": "*",
    "vendor": "Windsurf",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}