Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance.
Application security company OX Security published the findings this week, saying it had begun notifying vendors in June 2025 but received no response from three of the four maintainers.
Three CVEs, CVE-2025-65717, CVE-2025-65715, and CVE-2025-65716, were formally assigned and published on February 16.
VS Code extensions are add-ons that expand the functionality of Microsoft’s widely used code editor, adding capabilities such as language support, debugging tools, live preview, and code execution. They run with broad access to local files, terminals, and network resources, which is what made these vulnerabilities consequential.
Unlike the rogue extensions that threat actors have repeatedly planted in the VS Code marketplace, these flaws resided in legitimate, widely installed tools, meaning developers had no reason to suspect them, OX Security said in an advisory.
“Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations,” the advisory added.
The vulnerabilities also affected Cursor and Windsurf, the AI-powered IDEs built on VS Code’s extension infrastructure.
OX Security published individual advisories for each flaw, detailing how each could be exploited and what an attacker could achieve.
How the attacks worked
The most severe flaw, CVE-2025-65717 (critical), was in Live Server, a 72-million-download extension that launches a local HTTP server for real-time browser previews. OX Security found the server was reachable from any web page a developer visited while it was running, not just their own browser.
“Attackers only need to send a malicious link to the victim while Live Server is running in the background,” OX Security researchers Moshe Siman Tov Bustan and Nir Zadok wrote in an advisory.
CVE-2025-65715 (high severity) affected Code Runner, with 37 million downloads. The extension reads execution commands from a global configuration file, and OX Security found a crafted entry that was enough to trigger arbitrary code execution, including reverse shells. An attacker could place it by phishing a developer into pasting a malicious snippet, or through a compromised extension that modified the file silently.
CVE-2025-65716 (CVSS 8.8) affected Markdown Preview Enhanced, with 8.5 million downloads. Simply opening an untrusted Markdown file was enough to trigger it. “A malicious Markdown file could trigger scripts or embedded content that collects information about open ports on the victim’s machine,” the researchers noted.
Microsoft quietly patched its own extension
The fourth vulnerability played out differently. Microsoft’s Live Preview extension, with 11 million downloads, contained a cross-site scripting flaw that, according to OX Security, let a malicious web page enumerate files in the root of a developer’s machine and exfiltrate credentials, access keys, and other secrets.
The researchers reported the issue to Microsoft on August 7. Microsoft initially rated it as low severity, citing required user interaction.
“However, on September 11, 2025 — without notifying us — Microsoft quietly released a patch addressing the XSS security issues we reported. We only recently discovered that this patch had been deployed,” the researchers added.
No CVE was assigned to this vulnerability. “Users with Live Preview installed should update to version 0.4.16 or later immediately,” the researchers suggested.
Microsoft did not immediately respond to a request for comment.
Taken together, the four flaws pointed to a broader problem with how developer tools are secured and maintained.
What security teams should do
“These vulnerabilities confirm that IDEs are the weakest link in an organization’s supply chain security,” the researchers at OX Security said in the advisory.
Developer workstations routinely hold API keys, cloud credentials, database connection strings, and SSH keys. OX Security warned that a successful exfiltration from a single machine could give an attacker access to an organization’s broader infrastructure and that the risks extended to lateral movement and full system takeover.
The researchers advised developers to disable extensions not actively in use and avoid browsing untrusted sites while localhost servers are running. They also cautioned against applying configuration snippets from unverified sources to VS Code’s global settings.
Go to Source
Author:
