Vulnerability Database

Published: Oct 14, 2025
Updated: Nov 17, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-36730" target="_blank" rel="noopener"> CVE-2025-36730
Exploit:

319,589

Total vulnerabilities in the database

A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model.

It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.

No technical information available.

No CWE or OWASP classifications available.

No affected software listed.

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.