Cybersecurity researchers have disclosed over 30 critical vulnerabilities in popular AI-powered Integrated Development Environments (IDEs), enabling attackers to exfiltrate sensitive data and execute remote code without user interaction. The issues are collectively named IDEsaster.

According to The Hacker News, affected tools include GitHub Copilot, Cursor, Windsurf, Zed, Roo Code, Junie, and others. While some flaws have received CVE identifiers, others have only been mitigated through security warnings rather than full patches.

The core issue lies in AI agents blindly trusting legitimate IDE features, failing to account for prompt injection threats. As a result, attackers can:

read sensitive files,
modify IDE configuration settings,
execute arbitrary commands,
exfiltrate data via outbound network requests.

In many cases, these actions are auto-approved, requiring no user confirmation.

The attacks chain prompt injection, automated tool execution, and abuse of native IDE functionality. Malicious context can be introduced through:

README files,
source code comments,
hidden Unicode characters,
external MCP servers or URLs.

This significantly expands the attack surface across development workstations, CI/CD pipelines, and supply chains.

Security experts stress the need for a “Secure for AI” design paradigm, where AI-driven tools are built with autonomous agent abuse in mind. Developers are urged to limit permissions, trust only verified projects, and carefully audit all external context sources.
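
One way to audit external context for the hidden Unicode characters listed above is to flag invisible and direction-changing code points in README files and source comments before an AI agent reads them. This is an added example, not code from the article or from any affected vendor; the function names and the sample text are constructed for illustration.

```python
import unicodedata

# Unicode "tag" block: invisible code points that mirror ASCII (U+E0020..U+E007E).
TAG_BASE, TAG_END = 0xE0000, 0xE007F
# Bidirectional embedding, override and isolate controls.
BIDI = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))

def classify(ch):
    """Return a label for an invisible or direction-changing character, else None."""
    cp = ord(ch)
    if TAG_BASE <= cp <= TAG_END:
        return "tag"
    if cp in BIDI:
        return "bidi-control"
    if unicodedata.category(ch) == "Cf":  # zero-width space/joiners, BOM, word joiner
        return "format"
    return None

def scan(text):
    """List (line, column, 'U+XXXX', label) for each suspicious character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label))
    return findings

def decode_tags(text):
    """Recover the ASCII text carried by tag characters so a reviewer can read it."""
    return "".join(chr(ord(c) - TAG_BASE) for c in text
                   if 0xE0020 <= ord(c) <= 0xE007E)

# Constructed sample: README text carrying invisible tag characters,
# a zero-width space, and a right-to-left override.
HIDDEN = "".join(chr(TAG_BASE + ord(c)) for c in "constructed hidden text")
SAMPLE = "# Project\nRun the tests." + HIDDEN + "\nbuild\u200bscript \u202e notes\n"

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("decoded tag payload:", repr(decode_tags(SAMPLE)))
```

A non-empty result from `scan` on files that should be plain ASCII or ordinary prose is a reason to review the file by hand before it is placed in an agent's context.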