Critical Vulnerabilities in Popular VS Code Extensions Enable Local File Theft and Code Execution
Security researchers at OX Security disclosed multiple vulnerabilities across widely used Microsoft Visual Studio Code extensions—Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview—with combined installs reported at 125–128 million. The issues enable attacks ranging from local file exfiltration to arbitrary code/JavaScript execution, and highlight how a single vulnerable or malicious extension can be leveraged for broader compromise and potential lateral movement in developer environments.
Reported flaws include CVE-2025-65717 (Live Server; CVSS 9.1) enabling local file theft by luring a developer to a malicious site while the extension’s local server is running (e.g., localhost:5500), CVE-2025-65716 (Markdown Preview Enhanced; CVSS 8.8) allowing arbitrary JavaScript execution via a crafted .md file with subsequent local port enumeration and exfiltration, and CVE-2025-65715 (Code Runner; CVSS 7.8) enabling code execution by tricking users into modifying settings.json. Separate reporting on Microsoft Live Preview describes a one-click reflected XSS and unauthenticated request abuse against the extension’s local development server to enumerate and exfiltrate sensitive files (e.g., .env, API keys, source code); this Live Preview issue was reported as patched in version 0.4.16 via input sanitization (e.g., an escapeHTML function), while other extension issues were described as unpatched at the time of reporting.
Timeline
Feb 17, 2026
OX Security publicly discloses four extension vulnerabilities
OX Security published its findings, warning that flaws in four VS Code extensions with more than 125 million installs exposed developers to file exfiltration, XSS, and remote code execution. The disclosure highlighted IDE extensions as a supply-chain weak point that could enable lateral movement inside organizations.
Feb 17, 2026
Researchers confirm the same issues affect Cursor and Windsurf
OX Security said the extension-related issues were also confirmed in Cursor and Windsurf, extending the impact beyond standard VS Code deployments. This showed the risk applied across compatible IDE ecosystems used by developers.
Sep 11, 2025
Three extension flaws receive CVE assignments
The vulnerabilities affecting Code Runner, Markdown Preview Enhanced, and Live Server were assigned CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, respectively. Reports described these issues as affecting all versions of the impacted extensions and remaining unpatched at disclosure time.
Sep 11, 2025
Microsoft patches Live Preview in version 0.4.16
Microsoft released Live Preview version 0.4.16, fixing the XSS-to-file-exfiltration issue by adding HTML sanitization. Multiple reports say the patch was released without public acknowledgment and no CVE was assigned.
Aug 7, 2025
Microsoft receives report on Live Preview XSS flaw
OX Security researchers Nir Zadok and Moshe Siman Tov Bustan reported the Microsoft Live Preview one-click XSS and local file exfiltration issue to Microsoft. Microsoft initially assessed the issue as low severity because exploitation required specific conditions and user interaction.
Jul 1, 2025
Researchers begin disclosing flaws to extension maintainers
OX Security began coordinated disclosure of the extension vulnerabilities to maintainers in July 2025, using channels including email, GitHub, and social media. The disclosures covered the non-Microsoft extensions later tracked as CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717.
Jun 1, 2025
OX Security discovers VS Code extension flaws
OX Security researchers discovered severe vulnerabilities affecting four popular Visual Studio Code extensions: Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. The flaws could enable local file theft, JavaScript execution, remote code execution, and XSS-based exfiltration from developer environments.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Affected Products
Sources
4 more from sources like the hacker news, cyber security news, cso online and ox.security
Related Stories
Ox Security disclosures of high-severity vulnerabilities in popular VSCode extensions
Security researchers at **Ox Security** reported multiple high-to-critical vulnerabilities in widely used *Visual Studio Code* extensions—collectively exceeding **128 million downloads**—that could enable **local file exfiltration** and **code execution** in developer environments. The issues highlighted include **Live Server** (**CVE-2025-65717**), **Code Runner** (**CVE-2025-65715**, referenced in reporting but not included as a CVE entry here), **Markdown Preview Enhanced** (**CVE-2025-65716**), and *Microsoft Live Preview* (no CVE cited in the reporting). Ox Security stated it attempted disclosure starting in June 2025 but did not receive responses from maintainers, warning that exploitation could support **lateral movement**, **data theft**, and **system takeover** in corporate networks where developer workstations are a pivot point. The CVE records included in this set describe two of the extension flaws in more detail: **CVE-2025-65717** (Live Server v5.7.9) allows attackers to **exfiltrate files** when a user interacts with a crafted HTML page, and **CVE-2025-65716** (Markdown Preview Enhanced v0.8.18) can lead to **arbitrary code execution** via a crafted `.md` file (user interaction required). Other items in the feed are unrelated, covering a broad mix of independent vulnerabilities (e.g., Tenable Security Center command injection, LightLLM unsafe deserialization RCE, libvpx heap overflow affecting Firefox/Thunderbird, and multiple router/IoT hard-coded credential and command-injection issues) and should not be treated as part of the VSCode-extension disclosure story.
1 months ago
VS Code Extensions Leak Sensitive Secrets, Exposing Users to Supply Chain Attacks
Researchers discovered that over 550 sensitive secrets were inadvertently leaked through more than 500 Visual Studio Code (VS Code) extensions available on both the VS Code and Open VSX marketplaces. These secrets included access and authorization tokens, credentials, API keys, encryption keys, and certificates, which are critical for securing access to various platforms and services. The investigation, conducted by Wiz Security, revealed that the leaked secrets spanned 67 categories, with the majority falling into three main groups: generative AI platforms, high-risk professional platforms such as AWS, GCP, Auth0, and GitHub, and databases like MongoDB and Postgres. Notably, more than 100 of the exposed secrets would have allowed attackers to update the affected extensions themselves. Because VS Code automatically updates extensions, this created a significant risk that attackers could deploy malicious updates to a large user base without user intervention. Wiz Security estimated that, had these vulnerabilities been exploited, malware could have been pushed to approximately 150,000 users in a single attack. The risk was not limited to code-heavy extensions; even theme extensions, which are often perceived as harmless, were found to be capable of introducing malware. The research highlighted that some internal extensions, such as those published by large corporations for internal use, were inadvertently made public, further increasing the attack surface. Vendor-specific extensions, commonly used for convenience, were identified as particularly attractive targets for attackers due to their potential for targeted exploitation. Microsoft was notified of the findings and worked with the researchers to address the issues and mitigate the risks. The incident underscores the importance of rigorous security practices in extension development and the need for continuous monitoring of third-party code in software supply chains. The exposure of secrets in widely used development tools like VS Code demonstrates how supply chain vulnerabilities can have far-reaching consequences. Organizations are advised to audit their use of extensions, restrict unnecessary permissions, and ensure that sensitive credentials are never hardcoded or exposed in public repositories. The case also serves as a warning about the risks of publishing internal tools to public marketplaces, as this can inadvertently expose sensitive infrastructure to external threats. The findings have prompted calls for improved vetting processes for extensions and greater awareness among developers about the risks of credential leakage. This incident is a stark reminder that even seemingly minor oversights in software development can lead to large-scale security incidents affecting tens of thousands of users. The potential for automated malware deployment through compromised extensions highlights the evolving nature of supply chain threats in the software ecosystem. Security researchers continue to monitor the situation and recommend best practices for extension security to prevent similar incidents in the future.
1 months ago
Malicious Extension Supply Chain Risk in AI-Powered VS Code Forks
A critical security flaw has been identified in several popular AI-powered integrated development environments (IDEs) forked from Visual Studio Code, including Cursor, Windsurf, and Google Antigravity. These IDEs, which collectively serve millions of developers, were found to recommend extensions that do not exist in their supported OpenVSX marketplace. Because these extensions' namespaces were unclaimed, attackers could register them and upload malicious packages, which would then be presented as official recommendations to users. Security researchers demonstrated the risk by claiming these namespaces and uploading harmless placeholder extensions, which were still installed by over 1,000 developers, highlighting the high level of trust placed in automated extension suggestions. The vulnerability arises from inherited configuration files that point to Microsoft's extension marketplace, which these forks cannot legally use, leading to reliance on OpenVSX. Both file-based and software-based recommendations can trigger the installation prompt for these non-existent extensions, such as when opening an `azure-pipelines.yaml` file or detecting PostgreSQL on a system. The incident underscores a significant supply chain risk, as malicious actors could exploit this gap to distribute harmful code, potentially resulting in the theft of credentials, secrets, or source code. Vendor responses varied, with some IDEs addressing the issue promptly after disclosure, while others were slower to react.
1 months ago