Months after OX Security’s disclosure, three out of four critical vulnerabilities in widely used extensions are still awaiting patches.
Four immensely popular Visual Studio Code extensions, downloaded a collective 128 million times, harbored critical and high-severity vulnerabilities that could enable file theft, remote code execution, and internal network mapping, jeopardizing developers’ security.
This week, application security firm OX Security unveiled its findings, noting that while they informed vendors in June 2025, three of the four maintainers have yet to respond to their notifications.
On February 16, three specific Common Vulnerabilities and Exposures (CVEs) — CVE-2025-65717, CVE-2025-65715, and CVE-2025-65716 — were officially recognized and made public.
Visual Studio Code extensions are powerful add-ons that augment Microsoft’s popular code editor, bringing features like expanded language support, debugging utilities, real-time previews, and code execution. Their inherent broad access to local files, system terminals, and network resources made these newly discovered vulnerabilities particularly alarming.
Unlike the malicious extensions that threat actors had previously slipped into the VS Code marketplace, these vulnerabilities were embedded in genuine, extensively used tools. This meant developers were entirely unaware of the inherent risks, as highlighted by OX Security in their official advisory.
“Our investigation reveals that a single compromised extension, or a solitary vulnerability within one, is sufficient for an attacker to achieve lateral movement and breach entire organizational systems,” the advisory further stated.
Notably, these vulnerabilities also extended to Cursor and Windsurf, the AI-driven Integrated Development Environments that leverage VS Code’s underlying extension framework.
OX Security issued separate advisories for each vulnerability, meticulously outlining the exploitation methods and the potential impact an attacker could inflict.
Unpacking the Attack Methods
The most critical flaw, CVE-2025-65717, impacted Live Server, an extension with 72 million downloads that initiates a local HTTP server for instant browser previews. OX Security discovered that this server was accessible from any webpage a developer might visit while the extension was active, not solely from their designated browser.
According to OX Security researchers Moshe Siman Tov Bustan and Nir Zadok, “Attackers merely need to send a malicious link to the target while Live Server operates in the background.”
Code Runner, boasting 37 million downloads, was vulnerable to CVE-2025-65715 (high severity). This extension processes execution commands from a global configuration file. OX Security identified that a specially crafted entry within this file could lead to arbitrary code execution, including the deployment of reverse shells. Attackers could achieve this by tricking a developer into pasting harmful code via phishing or by using another compromised extension to discreetly alter the configuration file.
Markdown Preview Enhanced, with 8.5 million downloads, was susceptible to CVE-2025-65716 (CVSS 8.8). This vulnerability could be activated simply by opening an untrusted Markdown file. The researchers observed, “A malicious Markdown file has the potential to execute scripts or embedded content designed to gather data on open ports from the victim’s machine.”
Microsoft’s Silent Fix for its Extension
The narrative for the fourth vulnerability diverged. Microsoft’s Live Preview extension, downloaded 11 million times, harbored a cross-site scripting vulnerability. OX Security indicated this flaw could allow a malicious webpage to list files in a developer’s root directory and steal sensitive data such as credentials, access keys, and other confidential information.
On August 7, the researchers alerted Microsoft to the problem. Microsoft initially assessed it as low severity, attributing this to the necessity of user interaction.
The researchers further noted, “However, on September 11, 2025, Microsoft discreetly issued a patch for the XSS security concerns we had reported, doing so without any prior notification to us. We only became aware of this deployment quite recently.”
This particular vulnerability did not receive a CVE assignment. The researchers advised, “Anyone using Live Preview should update to version 0.4.16 or newer without delay.”
Microsoft had not yet provided an immediate comment when contacted.
Collectively, these four flaws highlight a more pervasive issue concerning the security and maintenance practices surrounding developer tools.
Recommendations for Security Teams
In their advisory, OX Security researchers emphasized, “These vulnerabilities definitively demonstrate that Integrated Development Environments (IDEs) represent the most vulnerable point in an organization’s supply chain security.”
Developer workstations frequently store critical assets like API keys, cloud credentials, database connection strings, and SSH keys. OX Security cautioned that a successful data exfiltration from even one machine could grant an attacker entry to the organization’s wider infrastructure, with risks escalating to lateral movement and complete system compromise.
The researchers recommended that developers deactivate any extensions not currently in use and refrain from visiting untrusted websites when localhost servers are active. Additionally, they advised against incorporating configuration snippets from unverified sources into VS Code’s global settings.
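Two of the recommendations above lend themselves to a quick workstation check: auditing the global settings that Code Runner reads its run commands from, and confirming that Live Preview is at the fixed version 0.4.16 or newer. The script below is an added example written for this article, not code from OX Security or from either extension; it assumes `code-runner.executorMap` is the Code Runner setting that holds per-language commands, uses a constructed settings sample, and treats the file as plain JSON (a real settings.json may contain comments that would need stripping first).

```python
"""Audit a VS Code user settings.json for Code Runner executor entries that
look like injected shell commands, and check a Live Preview version against
the fixed release 0.4.16 named in the article."""
import json
import re

# Heuristic markers of command chaining, network egress or payload decoding
# that have no business in a per-language "run this file" command.
SUSPICIOUS = re.compile(
    r"(;|&&|\|\||\$\(|`|/dev/tcp|\b(curl|wget|nc|ncat|base64|bash -i)\b)"
)


def audit_executor_map(settings: dict) -> list[str]:
    """Return executorMap entries (as 'lang: command') that trip the heuristic."""
    # Assumption: this is the Code Runner key that maps languages to commands.
    executor_map = settings.get("code-runner.executorMap", {})
    findings = []
    for lang, cmd in executor_map.items():
        if SUSPICIOUS.search(cmd):
            findings.append(f"{lang}: {cmd}")
    return findings


def live_preview_patched(version: str, fixed: str = "0.4.16") -> bool:
    """True when the installed version is at or above the fixed version."""
    parse = lambda v: tuple(int(p) for p in v.split("."))
    return parse(version) >= parse(fixed)


# Constructed sample settings: two ordinary entries and one tampered entry
# that chains a network call onto the normal run command.
SAMPLE_SETTINGS = """{
  "code-runner.executorMap": {
    "python": "python -u",
    "go": "go run",
    "javascript": "node; curl -s http://attacker.invalid/ping"
  }
}"""

if __name__ == "__main__":
    for finding in audit_executor_map(json.loads(SAMPLE_SETTINGS)):
        print("suspicious executor entry ->", finding)
    for v in ("0.4.15", "0.4.16"):
        print(f"Live Preview {v} patched? {live_preview_patched(v)}")
```

On a real machine, point `json.loads` at the user settings.json instead of the sample and take the version from the installed extension's manifest.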