NuytsTech Security

CVE-2025-36730

by ·

A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model.

It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.

More information : https://www.tenable.com/security/research/tra-2025-47

Tags: