CVE-2025-36730

Vulnerability Description

A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.

References

https://www.tenable.com/security/research/tra-2025-47

FAQ

What is CVE-2025-36730?

CVE-2025-36730 is a documented vulnerability. A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to ...

How severe is CVE-2025-36730?

CVSS scoring is not yet available for CVE-2025-36730. Check NVD for updates.

Is there a patch for CVE-2025-36730?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.