Cyber Resilience

CVE-2025-62353

Critical

Published: 17 October 2025

Modified: 15 April 2026
KEV Added: not listed
Patch: (no value given)
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.4th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-62353 is a critical-severity Path Traversal (CWE-22) vulnerability attributed to Hiddenlayer (product attribution inferred from references; the advisory itself describes the Windsurf IDE). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The EPSS score ranks it at the 29.4th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under Enterprise AI Assistants, falls in the LLM/Generative AI Risks risk domain, and maps to the MITRE ATLAS technique AML.T0051.001 (LLM Prompt Injection: Indirect).

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-62353 is a path traversal vulnerability (CWE-22) affecting all versions of the Windsurf IDE. It enables a threat actor to read and write arbitrary local files on an end user's system, both within and outside of current projects. The vulnerability is reachable directly or through indirect prompt injection, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.

Any remote attacker can exploit this vulnerability without authentication or user interaction, potentially compromising the confidentiality, integrity, and availability of the victim's local filesystem. Successful exploitation grants full read and write access to arbitrary files, allowing data exfiltration, malware deployment, or system modification beyond the IDE's project scope.

The vulnerability was published on 2025-10-17. Security practitioners should consult the advisory at https://hiddenlayer.com/sai_security_advisor/2025-10-windsurf/ for details on mitigation strategies and patches.

The involvement of indirect prompt injection highlights potential relevance to AI/ML-driven features in the Windsurf IDE, broadening the attack surface in AI-assisted development environments. No real-world exploitation has been reported in the available information.

EU & UK References

Vulnerability details

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection.

CWE(s): CWE-22 (Path Traversal)

AI Security Analysis (AI)

AI Category: Enterprise AI Assistants
Risk Domain: LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025: LLM01:2025 Prompt Injection
Classification Reason: matched keywords "prompt injection"

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

The path traversal vulnerability enables arbitrary read access to local files outside project directories, facilitating data collection from the local system (T1005), file and directory discovery (T1083), and access to insecurely stored credentials in files (T1552.001). Write access further supports related persistence and modification techniques.

MITRE ATLAS Techniques (AI)

AML.T0051.001: Indirect (LLM Prompt Injection)

CVEs Like This One

CVE-2024-12866 (shared CWE-22)
CVE-2025-2294 (shared CWE-22)
CVE-2021-47849 (shared CWE-22)
CVE-2026-33166 (shared CWE-22)
CVE-2026-23491 (shared CWE-22)
CVE-2026-35668 (shared CWE-22)
CVE-2026-0651 (shared CWE-22)
CVE-2026-26985 (shared CWE-22)
CVE-2026-24849 (shared CWE-22)
CVE-2024-57784 (shared CWE-22)

Affected Assets

Hiddenlayer (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

SI-2 Flaw Remediation (prevent): Directly mitigates the CVE by requiring timely remediation and patching of the path traversal vulnerability in all versions of Windsurf IDE.

SI-10 Information Input Validation (prevent): Prevents exploitation of path traversal and indirect prompt injection by enforcing validation of file path inputs at the entry points of the IDE's file tools.

Least privilege for the IDE process (prevent): Limits the impact of arbitrary file read/write by restricting the process to its intended project scope, so a traversal that slips past validation still cannot reach files outside the workspace.
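The two preventive controls above (validating file paths at the tool boundary and confining the process to the project scope) in working form, as an added example that is not Windsurf's or Hiddenlayer's code: a path-confinement check for an AI assistant's file tool, run against a constructed workspace so the refused requests are visible. All names, paths and the `naive_resolve`/`confine_to_workspace` functions are hypothetical.

```python
"""Workspace confinement for an AI assistant's file tools (added example, not Windsurf code).

Assumption: the tool receives a path that the model produced after reading untrusted
content (indirect prompt injection), so the path is attacker-influenced. The check
canonicalises it and enforces the workspace root at the tool boundary."""
import os
import tempfile
from pathlib import Path


class PathOutsideWorkspace(ValueError):
    """Raised when a requested path resolves outside the allowed workspace root."""


def naive_resolve(root: str, requested: str) -> str:
    # Vulnerable pattern: join and trust the result; '..' and absolute paths escape.
    return os.path.join(root, requested)


def confine_to_workspace(root: str, requested: str) -> Path:
    """Return the canonical path of `requested` only if it stays inside `root`.

    Resolves '..' and symlinks (strict=False so not-yet-created files can be written),
    accepts absolute paths only when already inside the root, and compares path
    components rather than string prefixes, so '/work2' is not treated as '/work'."""
    root_real = Path(root).resolve(strict=True)
    candidate = (root_real / requested).resolve(strict=False)
    if candidate != root_real and root_real not in candidate.parents:
        raise PathOutsideWorkspace(f"refused: {requested!r} resolves to {candidate}")
    return candidate


def demo() -> dict:
    """Constructed scenario: a workspace, a sibling directory sharing the workspace's
    name prefix, and a symlink inside the workspace that points outside it.
    Returns the hardened check's verdict for each requested path."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "project")
        os.makedirs(os.path.join(root, "src"))
        os.makedirs(os.path.join(base, "project2"))
        Path(root, "src", "main.py").write_text("print('hello')\n")
        Path(base, "secret.txt").write_text("outside the workspace\n")
        os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link"))
        requests = ("src/main.py", "src/new_file.py", "../secret.txt",
                    "../project2/notes.md", "/etc/hostname", "link")
        for req in requests:
            try:
                confine_to_workspace(root, req)
                verdicts[req] = "allowed"
            except PathOutsideWorkspace:
                verdicts[req] = "refused"
    return verdicts
```

Only the two in-workspace requests are allowed; the `..` traversal, the same-prefix sibling directory, the absolute path and the symlink escape are all refused, whereas `naive_resolve` would hand every one of them to the filesystem.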

References