Over 30 Security Vulnerabilities Discovered in AI-Powered Coding IDEs Enabling Data Theft and Remote Code Execution
Published 2025-12-01 | Ingested 2026-04-07 | AI-Assisted Development | High
Summary
Security researchers have disclosed more than 30 vulnerabilities across major AI-powered Integrated Development Environments (IDEs) and coding assistants, including Cursor (CVE-2025-49150), Roo Code (CVE-2025-53097), JetBrains Junie (CVE-2025-58335), GitHub Copilot, Kiro.dev, and Claude Code. The flaws combine prompt injection primitives with legitimate tool features to enable data exfiltration and remote code execution. These attack chains differ from previously known prompt injection exploits
Alignment: Reinforces current position
Related Positions: ai-assisted-development-tooling.md, ai-governance-and-risk.md, agentic-workflows.md
Related Partnerships: anthropic-claude.md, microsoft-github.md, cognition-windsurf-devin.md
ai-coding-tools, prompt-injection, security-vulnerabilities, cursor, github-copilot, claude-code, remote-code-execution, data-exfiltration, ai-governance, agentic-coding-security