Critical Vulnerabilities in Popular VS Code Extensions Enable Local File Theft and Code Execution
Security researchers at OX Security disclosed multiple vulnerabilities across widely used Microsoft Visual Studio Code extensions—Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview—with combined installs reported at 125–128 million. The issues enable attacks ranging from local file exfiltration to arbitrary code/JavaScript execution, and highlight how a single vulnerable or malicious extension can be leveraged for broader compromise and potential lateral movement in developer environments.
Reported flaws include CVE-2025-65717 (Live Server; CVSS 9.1) enabling local file theft by luring a developer to a malicious site while the extension’s local server is running (e.g., localhost:5500), CVE-2025-65716 (Markdown Preview Enhanced; CVSS 8.8) allowing arbitrary JavaScript execution via a crafted .md file with subsequent local port enumeration and exfiltration, and CVE-2025-65715 (Code Runner; CVSS 7.8) enabling code execution by tricking users into modifying settings.json. Separate reporting on Microsoft Live Preview describes a one-click reflected XSS and unauthenticated request abuse against the extension’s local development server to enumerate and exfiltrate sensitive files (e.g., .env, API keys, source code); this Live Preview issue was reported as patched in version 0.4.16 via input sanitization (e.g., an escapeHTML function), while other extension issues were described as unpatched at the time of reporting.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
OX Security publicly discloses four extension vulnerabilities
OX Security published its findings, warning that flaws in four VS Code extensions with more than 125 million installs exposed developers to file exfiltration, XSS, and remote code execution. The disclosure highlighted IDE extensions as a supply-chain weak point that could enable lateral movement inside organizations.
Researchers confirm the same issues affect Cursor and Windsurf
OX Security said the extension-related issues were also confirmed in Cursor and Windsurf, extending the impact beyond standard VS Code deployments. This showed the risk applied across compatible IDE ecosystems used by developers.
Three extension flaws receive CVE assignments
The vulnerabilities affecting Code Runner, Markdown Preview Enhanced, and Live Server were assigned CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, respectively. Reports described these issues as affecting all versions of the impacted extensions and remaining unpatched at disclosure time.
Microsoft patches Live Preview in version 0.4.16
Microsoft released Live Preview version 0.4.16, fixing the XSS-to-file-exfiltration issue by adding HTML sanitization. Multiple reports say the patch was released without public acknowledgment and no CVE was assigned.
Microsoft receives report on Live Preview XSS flaw
OX Security researchers Nir Zadok and Moshe Siman Tov Bustan reported the Microsoft Live Preview one-click XSS and local file exfiltration issue to Microsoft. Microsoft initially assessed the issue as low severity because exploitation required specific conditions and user interaction.
Researchers begin disclosing flaws to extension maintainers
OX Security began coordinated disclosure of the extension vulnerabilities to maintainers in July 2025, using channels including email, GitHub, and social media. The disclosures covered the non-Microsoft extensions later tracked as CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717.
OX Security discovers VS Code extension flaws
OX Security researchers discovered severe vulnerabilities affecting four popular Visual Studio Code extensions: Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. The flaws could enable local file theft, JavaScript execution, remote code execution, and XSS-based exfiltration from developer environments.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
9 references tracked. Mallory keeps watching after this page renders.
Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments
cybersecuritynews.com
Open sourceSevere VS Code Extension CVEs Expose Developers to RCE and File Exfiltration
socradar.io
Open sourceCritical VS Code Extensions Flaws Threaten Supply Chain
thecyberexpress.com
Open sourceCritical VS Code extension vulnerabilities could lead to code execution and data theft | SC Media
scworld.com
Open sourceVS Code extensions with 125M+ installs expose users to cyberattacks
securityaffairs.com
Open sourceCritical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
thehackernews.com
Open sourceMicrosoft VS Code Extension with 11M Downloads Expose Developers to One-Click XSS Attacks
cybersecuritynews.com
Open sourceFlaws in four popular VS Code extensions left 128 million installs open to attack | CSO Online
csoonline.com
Open sourceIDE Extension Vulnerabilities Expose Massive Security Blind Spot
ox.security
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ox Security disclosures of high-severity vulnerabilities in popular VSCode extensions
Security researchers at **Ox Security** reported multiple high-to-critical vulnerabilities in widely used *Visual Studio Code* extensions—collectively exceeding **128 million downloads**—that could enable **local file exfiltration** and **code execution** in developer environments. The issues highlighted include **Live Server** (**CVE-2025-65717**), **Code Runner** (**CVE-2025-65715**, referenced in reporting but not included as a CVE entry here), **Markdown Preview Enhanced** (**CVE-2025-65716**), and *Microsoft Live Preview* (no CVE cited in the reporting). Ox Security stated it attempted disclosure starting in June 2025 but did not receive responses from maintainers, warning that exploitation could support **lateral movement**, **data theft**, and **system takeover** in corporate networks where developer workstations are a pivot point. The CVE records included in this set describe two of the extension flaws in more detail: **CVE-2025-65717** (Live Server v5.7.9) allows attackers to **exfiltrate files** when a user interacts with a crafted HTML page, and **CVE-2025-65716** (Markdown Preview Enhanced v0.8.18) can lead to **arbitrary code execution** via a crafted `.md` file (user interaction required). Other items in the feed are unrelated, covering a broad mix of independent vulnerabilities (e.g., Tenable Security Center command injection, LightLLM unsafe deserialization RCE, libvpx heap overflow affecting Firefox/Thunderbird, and multiple router/IoT hard-coded credential and command-injection issues) and should not be treated as part of the VSCode-extension disclosure story.
Mar 21, 2026
Microsoft Fixes Visual Studio Code Elevation of Privilege Flaws
Microsoft disclosed and patched multiple **elevation of privilege** vulnerabilities affecting **Visual Studio Code** and its **JS Debug Extension**, including `CVE-2025-24039`, `CVE-2025-24042`, and `CVE-2026-41613`. The latest issue, `CVE-2026-41613`, is rated **Important** with a **CVSS 3.1 score of 8.8** and is described as a **session fixation** flaw mapped to `CWE-384` and `CWE-78`. Microsoft said the vulnerability affects Visual Studio Code itself, while the earlier 2025 advisories cover separate privilege-escalation bugs in the core product and the JS Debug Extension. According to Microsoft, exploitation of `CVE-2026-41613` requires **user interaction**, specifically convincing a target to open a malicious file in VS Code, and could allow an attacker to obtain the permissions of the **MCP Server’s managed identity**. Microsoft said the flaw was **not publicly disclosed** and **not exploited** at the time of release, assessed exploitation as **less likely**, and made a fix available; the issue was credited to **Elad Luz of Oasis Security** through coordinated disclosure.
May 25, 2026
VS Code Extensions Leak Sensitive Secrets, Exposing Users to Supply Chain Attacks
Researchers discovered that over 550 sensitive secrets were inadvertently leaked through more than 500 Visual Studio Code (VS Code) extensions available on both the VS Code and Open VSX marketplaces. These secrets included access and authorization tokens, credentials, API keys, encryption keys, and certificates, which are critical for securing access to various platforms and services. The investigation, conducted by Wiz Security, revealed that the leaked secrets spanned 67 categories, with the majority falling into three main groups: generative AI platforms, high-risk professional platforms such as AWS, GCP, Auth0, and GitHub, and databases like MongoDB and Postgres. Notably, more than 100 of the exposed secrets would have allowed attackers to update the affected extensions themselves. Because VS Code automatically updates extensions, this created a significant risk that attackers could deploy malicious updates to a large user base without user intervention. Wiz Security estimated that, had these vulnerabilities been exploited, malware could have been pushed to approximately 150,000 users in a single attack. The risk was not limited to code-heavy extensions; even theme extensions, which are often perceived as harmless, were found to be capable of introducing malware. The research highlighted that some internal extensions, such as those published by large corporations for internal use, were inadvertently made public, further increasing the attack surface. Vendor-specific extensions, commonly used for convenience, were identified as particularly attractive targets for attackers due to their potential for targeted exploitation. Microsoft was notified of the findings and worked with the researchers to address the issues and mitigate the risks. The incident underscores the importance of rigorous security practices in extension development and the need for continuous monitoring of third-party code in software supply chains. The exposure of secrets in widely used development tools like VS Code demonstrates how supply chain vulnerabilities can have far-reaching consequences. Organizations are advised to audit their use of extensions, restrict unnecessary permissions, and ensure that sensitive credentials are never hardcoded or exposed in public repositories. The case also serves as a warning about the risks of publishing internal tools to public marketplaces, as this can inadvertently expose sensitive infrastructure to external threats. The findings have prompted calls for improved vetting processes for extensions and greater awareness among developers about the risks of credential leakage. This incident is a stark reminder that even seemingly minor oversights in software development can lead to large-scale security incidents affecting tens of thousands of users. The potential for automated malware deployment through compromised extensions highlights the evolving nature of supply chain threats in the software ecosystem. Security researchers continue to monitor the situation and recommend best practices for extension security to prevent similar incidents in the future.
Mar 21, 2026