Vulnerabilities in four VS Code extensions exposed 128 million installations to risk

Recent research has uncovered critical and high-severity vulnerabilities in four popular Visual Studio Code extensions, which collectively boast 128 million downloads. These flaws expose developers to serious risks, including file theft, remote code execution, and local network reconnaissance.

OX Security, an application security company, released its findings this week. The firm began notifying the extension vendors in June 2025, yet three out of the four maintainers did not respond.

Three Common Vulnerabilities and Exposures (CVEs) were officially assigned: CVE-2025-65717, CVE-2025-65715, and CVE-2025-65716. These were published on February 16.

VS Code extensions are add-ons designed to enhance the functionality of Microsoft’s widely used code editor. They provide features such as language support, debugging tools, live previews, and code execution. However, these extensions have extensive access to local files, terminals, and network resources, which magnifies the impact of the vulnerabilities.

Unlike the malicious extensions that threat actors have previously introduced into the VS Code marketplace, these vulnerabilities were found in legitimate and widely used tools. As a result, developers had no reason to suspect them, according to OX Security's advisory.

“Our research shows that a hacker needs only one malicious extension or a single vulnerability within one extension to perform lateral movement and compromise entire organizations,” the advisory stated.

The vulnerabilities also extended to Cursor and Windsurf, both AI-powered Integrated Development Environments (IDEs) built on the Visual Studio Code extension framework.

How the attacks worked

The most critical flaw, CVE-2025-65717, was discovered in Live Server, an extension that has been downloaded 72 million times. This extension allows developers to launch a local HTTP server for real-time browser previews. OX Security found that while Live Server was active, the server was accessible from any web page the developer visited, not just their own browser.

“Attackers only need to send a malicious link to the victim while Live Server is running in the background,” stated OX Security researchers Moshe Siman Tov Bustan and Nir Zadok.
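The exposure described above is that a page in the developer's browser can reach the preview server on localhost. As an added example (not OX Security's research code and not Live Server's own implementation), here is a minimal local preview server that refuses requests a browser makes on behalf of some other site. It assumes the browser attaches the usual request metadata: an `Origin` header on cross-origin fetches and a `Sec-Fetch-Site` header on every request in current browsers. The port number and the policy function names are mine.

```python
"""Added example: a localhost preview server that rejects cross-site requests.
Not code from the original article or from the Live Server extension.
Assumed behaviour: browsers send `Sec-Fetch-Site: cross-site` (and, for fetch/XHR,
an `Origin` header) when some other web page talks to this server."""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Hostnames we accept in Host/Origin; urlsplit() strips brackets from IPv6.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def is_local_host(netloc: str, port: int) -> bool:
    """True only if `netloc` names this machine and the preview port.
    A request that reached us under any other hostname (for example via a
    DNS name an attacker controls that resolves to 127.0.0.1) is rejected."""
    try:
        parts = urlsplit("//" + netloc)
        return parts.hostname in LOCAL_HOSTS and parts.port == port
    except ValueError:  # malformed port such as "localhost:abc"
        return False


def is_allowed_request(headers: dict, port: int) -> bool:
    """Policy: Host must be local; Sec-Fetch-Site must not say another site
    initiated the request; if an Origin header is present it must be local.
    Requests without Sec-Fetch-Site (old browsers, curl) fall through to the
    Host and Origin checks only."""
    h = {k.lower(): v for k, v in headers.items()}
    if not is_local_host(h.get("host", ""), port):
        return False
    if h.get("sec-fetch-site") in ("cross-site", "same-site"):
        return False
    origin = h.get("origin")
    # "Origin: null" (sandboxed iframe, some redirects) has an empty netloc -> rejected.
    if origin is not None and not is_local_host(urlsplit(origin).netloc, port):
        return False
    return True


class PreviewHandler(BaseHTTPRequestHandler):
    port = 5500  # assumed preview port for this example

    def do_GET(self):
        if not is_allowed_request(dict(self.headers), self.port):
            self.send_error(403, "cross-site access to the preview server is blocked")
            return
        body = b"<h1>local preview</h1>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port: int = 5500) -> None:
    """Bind to the loopback address only, so the LAN cannot reach the server either."""
    PreviewHandler.port = port
    HTTPServer(("127.0.0.1", port), PreviewHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Binding to 127.0.0.1 keeps the server off the LAN; the header checks are what stop a page loaded from another site in the same browser. The checks are a defence in depth, not a substitute for updating an affected extension.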

CVE-2025-65715, rated high severity, affected Code Runner, which has 37 million downloads. This extension reads execution commands from a global configuration file, and OX Security discovered that a specially crafted entry could trigger arbitrary code execution, including reverse shells. Attackers could exploit this by tricking developers into pasting malicious snippets or through a compromised extension that alters the file silently.

The third identified flaw, CVE-2025-65716, with a CVSS score of 8.8, impacted Markdown Preview Enhanced, which has 8.5 million downloads. Simply opening a malicious Markdown file was sufficient to exploit this vulnerability. “A malicious Markdown file could execute scripts or embedded content to gather information about open ports on the victim’s machine,” the researchers noted.

Microsoft quietly patched its own extension

The fourth vulnerability involved Microsoft’s Live Preview extension, which has 11 million downloads. According to OX Security, this extension had a cross-site scripting flaw that allowed a malicious web page to enumerate files on a developer’s machine and exfiltrate sensitive information such as credentials and access keys.

The researchers reported this issue to Microsoft on August 7. Initially, Microsoft rated it as low severity, citing that user interaction was required.

“However, on September 11, 2025, without notifying us, Microsoft quietly deployed a patch to address the XSS security issues we reported. We only recently discovered that this patch had been released,” the researchers added.

No CVE was assigned to this vulnerability. The researchers advised, “Users with Live Preview installed should update to version 0.4.16 or later immediately.”

Microsoft did not respond immediately to a request for comment.

These four vulnerabilities highlight a broader issue concerning the security and maintenance of developer tools.

What security teams should do

According to OX Security, “These vulnerabilities confirm that IDEs are the weakest link in an organization’s supply chain security.” Developer workstations often contain API keys, cloud credentials, database connection strings, and SSH keys. A successful exfiltration from a single machine could provide attackers with access to an organization’s broader infrastructure, posing risks of lateral movement and full system takeover.

The researchers recommend that developers disable extensions that are not actively in use and avoid browsing untrusted sites while localhost servers are running. They also cautioned against applying configuration snippets from unverified sources to the global settings of VS Code.
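To act on the recommendations above, a team needs to know which workstations have the four extensions installed and whether Live Preview is at or past the stated fix. The following is an added example, not a tool from OX Security or Microsoft: it reads the output of `code --list-extensions --show-versions` (one `publisher.name@version` line per extension) and reports the affected ones. The Marketplace identifiers in `WATCHLIST` are an assumption on my part; only Live Preview has a fixed version given in the article (0.4.16), so the other three are flagged for review rather than compared against a version.

```python
"""Added example: audit installed VS Code extensions against the four named in
the article. Not code from the original article or from the extension vendors.
Assumptions: the Marketplace IDs in WATCHLIST; the sample output below is
constructed, not captured from a real machine."""
import subprocess
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# id (lowercased) -> (display name, reference, version that fixes it or None)
WATCHLIST: Dict[str, Tuple[str, str, Optional[Version]]] = {
    "ritwickdey.liveserver": ("Live Server", "CVE-2025-65717", None),
    "formulahendry.code-runner": ("Code Runner", "CVE-2025-65715", None),
    "shd101wyy.markdown-preview-enhanced": ("Markdown Preview Enhanced", "CVE-2025-65716", None),
    "ms-vscode.live-server": ("Live Preview", "no CVE assigned", (0, 4, 16)),
}


def parse_version(text: str) -> Version:
    """'0.4.16' -> (0, 4, 16); a pre-release suffix such as '-beta' is dropped and a
    non-numeric component counts as 0 so the comparison never raises."""
    core = text.split("-")[0]
    return tuple(int(p) if p.isdigit() else 0 for p in core.split("."))


def audit(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per installed extension on the watchlist."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or "@" not in line:
            continue
        ident, _, version = line.rpartition("@")
        entry = WATCHLIST.get(ident.lower())  # extension IDs are case-insensitive
        if entry is None:
            continue
        name, reference, fixed = entry
        if fixed is None:
            status = "review: disable if not actively used"
        elif parse_version(version) < fixed:
            status = "update required: fixed in " + ".".join(map(str, fixed))
        else:
            status = "patched version installed"
        findings.append({"id": ident, "name": name, "version": version,
                         "reference": reference, "status": status})
    return findings


def list_installed() -> List[str]:
    """Run the real CLI on this machine (requires `code` on PATH)."""
    result = subprocess.run(["code", "--list-extensions", "--show-versions"],
                            capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


# Constructed sample output in the CLI's format; the versions are made up.
SAMPLE_OUTPUT = """\
esbenp.prettier-vscode@10.1.0
ms-vscode.live-server@0.4.15
ritwickdey.LiveServer@5.7.9
formulahendry.code-runner@0.12.2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_OUTPUT.splitlines()):
        print(f"{finding['name']:28} {finding['version']:10} {finding['reference']:18} {finding['status']}")
```

Replace `SAMPLE_OUTPUT.splitlines()` with `list_installed()` to run it against a real workstation; fleet-wide, the same parser can be fed output collected by whatever endpoint management tool already runs on developer machines.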
