Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments

Three critical vulnerabilities have been found in four popular Visual Studio Code extensions. These extensions have been downloaded over 128 million times. The vulnerabilities are identified as CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717.

The findings from the OX Security Research team, later confirmed on Cursor and Windsurf IDEs, expose a systemic blind spot in modern software supply chain security: the developer’s own machine.

Integrated Development Environments (IDEs) are where developers store and interact with the most sensitive organizational assets, such as business logic, API keys, database configurations, environment variables, and customer data.

Extensions that operate with broad system-level permissions represent an unguarded gateway to it all. According to OX Security, a single malicious or vulnerable extension is sufficient to enable lateral movement and compromise an entire organization.

Extensions operate like privileged administrative processes embedded inside the IDE. They can execute code, read and modify files, and communicate across the local network all without raising standard security alerts.

CVE-2025-65717, rated 9.1 (Critical), allows attackers to remotely exfiltrate files from a developer’s machine through Live Server’s localhost functionality.

CVE-2025-65716 in Markdown Preview Enhanced (CVSS 8.8) enables JavaScript execution that can scan local ports and exfiltrate data, while CVE-2025-65715 in Code Runner (CVSS 7.8) opens the door to remote code execution, a worst-case scenario for any development environment.

Microsoft’s Live Preview extension contained an XSS vulnerability that enabled full IDE file exfiltration; it was quietly patched in v0.4.16 with no CVE issued and no public credit given to OX Security.

OX Security responsibly disclosed all three vulnerabilities to the respective maintainers in July and August 2025 through email, GitHub, and social channels.

As of the publication of this article, none of the maintainers have responded to a failure that highlights the absence of any enforceable accountability framework for extension security in popular IDE marketplaces, OX Security added.

Security teams and developers should treat IDE extensions with the same scrutiny applied to third-party software dependencies. Organizations are advised to audit installed extensions immediately and remove those that are non-essential.

Localhost servers should not be left running unnecessarily, and developers should avoid opening untrusted HTML files while any localhost server is active. Configurations such as settings.json should never be modified using snippets sourced from emails, chats, or unverified repositories.

At the platform level, OX Security calls for mandatory security reviews before extensions reach marketplaces, AI-powered automated scanning of new submissions, and enforceable patch response timelines for maintainers of high-download extensions.

With AI coding assistants driving rapid increases in extension reliance, the current “install at your own risk” model presents an unacceptable and growing organizational risk.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.