CVE-2025-62353
Published: 17 October 2025
Summary
CVE-2025-62353 is a critical-severity path traversal (CWE-22) vulnerability. The affected vendor is recorded here as Hiddenlayer (inferred from references); the detailed analysis below identifies the affected product as the Windsurf IDE, with Hiddenlayer as the publisher of the advisory. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 29.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Enterprise AI Assistants, falls in the LLM/Generative AI Risks risk domain, and maps to the MITRE ATLAS technique Indirect prompt injection (AML.T0051.001).
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-62353 is a path traversal vulnerability (CWE-22) affecting all versions of the Windsurf IDE. It enables a threat actor to read and write arbitrary local files on an end user's system, both within and outside of current projects. The vulnerability is reachable directly or through indirect prompt injection, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.
Any remote attacker can exploit this vulnerability without authentication or user interaction, potentially compromising the confidentiality, integrity, and availability of the victim's local filesystem. Successful exploitation grants full read and write access to arbitrary files, allowing data exfiltration, malware deployment, or system modification beyond the IDE's project scope.
The vulnerability was published on 2025-10-17. Security practitioners should consult the advisory at https://hiddenlayer.com/sai_security_advisor/2025-10-windsurf/ for details on mitigation strategies and patches.
The involvement of indirect prompt injection highlights potential relevance to AI/ML-driven features in the Windsurf IDE, broadening the attack surface in AI-assisted development environments. No real-world exploitation has been reported in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34890
Vulnerability details
A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user's system. The vulnerability can be reached directly and through indirect prompt injection.
CWE(s)
- CWE-22 (Path Traversal)
AI Security Analysis
- AI Category: Enterprise AI Assistants
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- Classification Reason: Matched keywords: prompt injection
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability enables arbitrary read access to local files outside project directories, facilitating data collection from the local system (T1005), file and directory discovery (T1083), and accessing unsecured credentials in files (T1081). Write access further supports related persistence and modification techniques.
MITRE ATLAS Techniques
- Indirect prompt injection (AML.T0051.001)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the CVE by requiring timely remediation and patching of the path traversal vulnerability in all versions of Windsurf IDE.
- SI-10 (Information Input Validation): prevents exploitation of path traversal and indirect prompt injection by enforcing validation of file path inputs at entry points.
- Least privilege for the IDE process: limits the impact of arbitrary file read/write by restricting access outside intended project scopes.
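As an added example (not code from Windsurf or Hiddenlayer), the kind of entry-point check SI-10 describes for an LLM-driven IDE file tool: every path the tool is asked to read or write is canonicalised and confined to the open project root, so `..` segments, absolute paths and symlinks that resolve outside the project are refused before any I/O. The function names and the throwaway directory layout in `demo()` are assumptions made for illustration.

```python
"""Project-root confinement for an LLM-driven IDE file tool.

Added example, not Windsurf or Hiddenlayer code. Function names and the
sample directory layout in demo() are assumptions made for illustration.
"""
import os
import tempfile
from pathlib import Path


class PathEscapesProject(ValueError):
    """The requested path resolves outside the open project root."""


def resolve_in_project(project_root: str, requested: str) -> Path:
    """Canonicalise `requested` and return it only if it stays inside the project.

    Relative paths are joined to the project root; absolute paths are taken
    as given. realpath() resolves `..` segments and symlinks on both sides,
    so the containment test runs on the path the OS would actually open.
    """
    root = Path(os.path.realpath(project_root))
    req = Path(requested)
    candidate = Path(os.path.realpath(req if req.is_absolute() else root / req))
    if candidate != root and root not in candidate.parents:
        raise PathEscapesProject(f"{requested!r} -> {candidate} is outside {root}")
    return candidate


def is_allowed(project_root: str, requested: str) -> bool:
    """Boolean gate for a tool call: True only when the path is confined."""
    try:
        resolve_in_project(project_root, requested)
        return True
    except PathEscapesProject:
        return False


def demo() -> dict:
    """Gate five requests against a constructed throwaway layout: one file
    inside the project, one secret outside it, one symlink pointing out."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp, "secret.txt")
        secret.write_text("outside the project")
        project = Path(tmp, "project")
        project.mkdir()
        (project / "README.md").write_text("# demo project")
        os.symlink(secret, project / "link_out")  # needs symlink privilege on Windows
        cases = {
            "plain file in project": "README.md",
            "dot-dot that stays inside": "src/../README.md",
            "dot-dot traversal out": "../secret.txt",
            "absolute path outside": str(secret),
            "symlink pointing outside": "link_out",
        }
        return {label: is_allowed(str(project), p) for label, p in cases.items()}
```

The gate is the same whether the request came from a user keystroke or from text an agent read out of a repository file, which is why it belongs at the tool's entry point rather than in the prompt.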