Multiple Vulnerabilities in AI-Powered IDEs Enable Data Theft and RCE
Summary
Over 30 vulnerabilities, collectively named IDEsaster, have been disclosed in various AI-powered Integrated Development Environments (IDEs). These flaws allow data exfiltration and remote code execution by chaining prompt injection primitives with legitimate IDE features. The affected IDEs include Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline. The vulnerabilities exploit the interaction between AI agents and IDE features, leading to significant security risks for developers and enterprises using these tools.
Timeline
- 06.12.2025 17:24: Over 30 Vulnerabilities Disclosed in AI-Powered IDEs
Researchers have uncovered over 30 vulnerabilities in various AI-powered IDEs, collectively named IDEsaster. These flaws enable data exfiltration and remote code execution by chaining prompt injection primitives with legitimate IDE features. The affected IDEs include Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline. The vulnerabilities highlight the need for secure AI integration in development environments.
Source: Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks (thehackernews.com, 06.12.2025 17:24)
Information Snippets
- The vulnerabilities affect popular AI-powered IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline.
  First reported: 06.12.2025 17:24 (1 source, 1 article)
- Of the 30+ vulnerabilities, 24 have been assigned CVE identifiers.
- The attack chains involve bypassing LLM guardrails, performing actions without user interaction, and triggering legitimate IDE features to leak sensitive data or execute arbitrary commands.
- Context hijacking can be achieved through user-added context references, MCP server tool poisoning, or parsing attacker-controlled input.
- Some of the identified attacks include reading sensitive files, writing JSON files to attacker-controlled domains, and editing IDE settings files to achieve code execution.
- The vulnerabilities highlight the need for the 'Secure for AI' principle, which ensures that AI components are secure by default and design.