
The Curse of the Fork: When Patching Is Not Trivial


The prevalence of actively exploited vulnerabilities within production IDE environments presents a critical and escalating security concern for both individual developers and their broader organizations. This risk is particularly acute given the inherently sensitive nature of source code, intellectual property, and proprietary data that these development tools directly access and manipulate. Any compromise within this environment can lead to significant data breaches, intellectual property theft, and widespread disruption to software development lifecycles.

Forking an open-source repository and extending it for internal or proprietary use is a common practice in the software ecosystem. Following our recent research blog post on “The Aftermath of CVE-2025-4609”, we investigated why the Cursor and Windsurf IDEs have not patched the newly discovered vulnerability. Our analysis revealed that neither IDE can upgrade its fork because both are running outdated versions of VSCode.

According to their documentation, both Cursor and Windsurf are currently based on VSCode 1.99.3, which is four minor versions behind the current VSCode release of 1.103.2. However, from a security perspective, the primary concern is not the VSCode version lag, but rather the transitive dependency on Chromium. Both Cursor and Windsurf are running Chromium versions that are six major releases behind the latest version, while VSCode itself maintains an up-to-date Chromium dependency.

This situation highlights a critical challenge in maintaining forked codebases: security vulnerabilities can accumulate not just in the primary codebase, but also in underlying dependencies that require consistent maintenance and updates. The diagram below illustrates the vulnerable components in the AI IDEs.

Vulnerable components in AI IDEs

Security Vulnerability Analysis: Chromium Dependencies in AI IDEs

The outdated Chromium version used by both Cursor and Windsurf contains no fewer than 80 known vulnerabilities cataloged by the National Vulnerability Database (NVD). Among these are several critical CVEs that have gained significant attention in the security community:

High-Impact Vulnerabilities

CVE-2025-4609 — This vulnerability was significant enough to earn its reporter a $250,000 USD bounty from Google’s Vulnerability Reward Program, highlighting its severity and potential impact.

Actively Exploited Vulnerabilities — The following CVEs have been confirmed as exploited in the wild and subsequently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog:

  • CVE-2025-5419 — Out-of-bounds read/write vulnerability in Chromium V8 engine 
  • CVE-2025-6554 — Type confusion vulnerability in Chromium V8 engine
  • CVE-2025-6558 — ANGLE and GPU Improper Input Validation Vulnerability
  • CVE-2025-2783 — Mojo sandbox escape on Windows

Confirmed by Google — CVE-2025-4664 has been confirmed by Google to be actively exploited in the wild in real-world attacks. This vulnerability allowed attackers to make the browser leak cross-origin data that can be used to take over accounts.

Additional notable CVEs that seem most relevant to the IDE environment are:

  • CVE-2025-6557 — Insufficient data validation in DevTools in Chrome on Windows allowed code execution
  • CVE-2025-4052 — Inappropriate implementation in DevTools in Chrome allowed DAC bypass
  • CVE-2025-4051 — Insufficient data validation in DevTools in Chrome allowed DAC bypass
  • CVE-2025-4050 — Out-of-bounds memory access in DevTools in Chrome allowed heap corruption
  • CVE-2025-1915 — Improper Limitation of a Pathname to a Restricted Directory in DevTools in Chrome on Windows allowed bypass of file access restrictions
  • CVE-2025-2136 — Use-after-free in Inspector

Moreover, the evolving landscape of AI-powered IDEs is poised to exacerbate this vulnerability exposure. As AI IDEs become increasingly “agentic,” meaning they gain more autonomy in tasks like code generation, refactoring, and even deployment, the potential for exploitation amplifies. This heightened risk is further compounded by the growing trend of “vibe coding,” where developers rely more heavily on AI tools for rapid prototyping and automated assistance, potentially overlooking the intricacies of security best practices. The greater the reliance on these sophisticated, autonomous AI agents, the larger the attack surface becomes, and the more critical it is to ensure their underlying security and the integrity of the environments in which they operate.

We wish to clarify that a browser vulnerability might not be directly applicable to a desktop application. However, a concerning trend we observe is that while major vendors like Microsoft promptly patch their products, patches for forked products with actively exploited vulnerabilities found in the wild are often significantly delayed. 

This disparity in patching cadence suggests that as time progresses, the security burden on the forked product is likely to escalate, accumulating a growing list of unaddressed security risks. This lag in security updates poses a substantial threat to the integrity and safety of users relying on forked applications, potentially exposing them to known and exploited vulnerabilities for extended periods.

We’re sharing this analysis to highlight the hidden costs of maintaining closed-source forks of open-source software. 

Recommendations

We strongly advise:

  • Cursor and Windsurf users should apply patches immediately when updates become available. 
  • Recognize that your IDE may contain dozens of unpatched one-day vulnerabilities. 
  • Remain vigilant for suspicious activity on your development machine and ensure you have anti-malware software installed and running.
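
One way to check the Chromium lag described above on your own machine, as an added example that is not code from the original post or from any IDE vendor. It assumes the IDE's About dialog text can be copied as `Key: value` lines that include a `Chromium:` entry; the function names, the version numbers and the advisory IDs are constructed placeholders, and real fixed-in versions must come from the vendor's release notes.

```javascript
// Added example: measure how far a VS Code fork's bundled Chromium lags upstream.

// Parse the "Key: value" lines copied from the IDE's About dialog.
function parseAbout(text) {
  const info = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([^:]+?)\s*:\s*(.+?)\s*$/.exec(line);
    if (m) info[m[1].toLowerCase()] = m[2];
  }
  return info;
}

// Chromium versions are MAJOR.MINOR.BUILD.PATCH; compare numerically, part by part
// (a plain string comparison would rank "...100.10" below "...100.9").
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// advisories: [{ id, fixedIn }] supplied by the caller from vendor release notes.
function assessFork(aboutText, upstreamChromium, advisories) {
  const bundled = parseAbout(aboutText)['chromium'];
  if (!bundled || !/^\d+(\.\d+){1,3}$/.test(bundled)) {
    throw new Error('No Chromium version found in About text');
  }
  const major = (v) => Number(v.split('.')[0]);
  return {
    bundled,
    majorLag: major(upstreamChromium) - major(bundled),
    unpatched: advisories
      .filter((a) => compareVersions(bundled, a.fixedIn) < 0)
      .map((a) => a.id),
  };
}

// Constructed sample input (placeholder versions and IDs, not real product data).
const SAMPLE_ABOUT = `VSCode Version: 1.99.3
Electron: 30.0.0
Chromium: 130.0.100.9`;
const SAMPLE_ADVISORIES = [
  { id: 'EXAMPLE-0001', fixedIn: '130.0.100.10' },
  { id: 'EXAMPLE-0002', fixedIn: '130.0.100.9' },
  { id: 'EXAMPLE-0003', fixedIn: '134.0.5.1' },
];
console.log(assessFork(SAMPLE_ABOUT, '136.0.1.1', SAMPLE_ADVISORIES));
```

Running the same check against the About text of upstream VSCode gives the baseline to compare a fork with.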
