Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourself

The VS Code vulnerabilities highlight broader IDE security risks, said OX Security


Three newly discovered flaws in Visual Studio Code (VS Code) extensions enable local file exfiltration and remote code execution, researchers have warned, and they’ve been downloaded more than 128 million times.

The affected Integrated Development Environment (IDE) extensions are Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), and Live Server (CVE-2025-65717).

According to OX Security, the trio of flaws could enable lateral movement within connected networks. They also allow data exfiltration and system takeover when exploited on a development machine running a localhost server, presenting a high risk of sensitive data exposure and machine compromise.

"IDEs are the weakest link in an organization’s supply chain security, and extensions are often a blind spot for security teams," OX Security noted in a blog post.

"Developers store their most sensitive information – business logic, API keys, database configurations, environment variables, and sometimes even customer data – on their local file systems, all accessible through the IDE."

Under the hood of the VS Code flaws

CVE-2025-65717 is the most serious vulnerability, with a CVSS score of 9.1. This flaw primarily affects Visual Studio Code Extensions Live Server v5.7.9, allowing attackers to exfiltrate files when a user interacts with a crafted HTML page.

Researchers warned this particular extension has been downloaded more than 72 million times.

CVE-2025-65715, meanwhile, carries a CVSS score of 7.8. This flaw relates to an issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2.

Downloaded 37 million times, this allows attackers to execute arbitrary code when opening a crafted workspace.

Elsewhere, CVE-2025-65716 affects Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18, which boasts more than 8.5 million downloads. This flaw carries a CVSS score of 8.8 and allows attackers to execute arbitrary code via uploading a crafted .Md file.

The team also identified a flaw in Microsoft Live Preview, downloaded more than 11 million times, in which a one-click XSS leads to exfiltration of the IDE's files; this was fixed in v0.4.16, with no CVE issued.

How developers can protect themselves

OX Security urged developers to avoid opening untrusted HTML while servers are running on localhost.

Researchers said they should never paste or run snippets in the global settings.json from emails, chats, or unverified sources, and are advised to only install trusted extensions and monitor or back up settings.json to detect unexpected changes.
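One way to act on the settings.json advice above is a small baseline check. This is an added defensive example, not OX Security's tooling; the only setting it takes from the article is code-runner.executorMap (the one named for CVE-2025-65715), and the sample settings are constructed.

```python
"""Detect command-bearing VS Code settings that differ from a trusted baseline."""
import hashlib
import json
from pathlib import Path

# Settings whose values are shell commands an extension runs on the user's behalf.
# Only code-runner.executorMap comes from the article; extend the tuple as needed.
COMMAND_KEYS = ("code-runner.executorMap",)


def fingerprint(settings: dict) -> str:
    """Canonical SHA-256 of a settings object, usable as a stored baseline."""
    canon = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def command_entries(settings: dict, keys=COMMAND_KEYS) -> dict:
    """Flatten every command-carrying setting to {'key.language': command}."""
    found = {}
    for key in keys:
        value = settings.get(key)
        if isinstance(value, dict):
            for language, command in value.items():
                found[f"{key}.{language}"] = str(command)
    return found


def diff_commands(trusted: dict, candidate: dict, keys=COMMAND_KEYS) -> dict:
    """Commands in the candidate settings that the trusted baseline does not have.

    Workspace settings override user settings, so a crafted .vscode/settings.json
    only needs to change the executor entries to change what gets executed."""
    base = command_entries(trusted, keys)
    return {name: cmd for name, cmd in command_entries(candidate, keys).items()
            if base.get(name) != cmd}


def load_settings(path: Path) -> dict:
    """Read a settings.json. VS Code tolerates comments (JSONC); strip them
    first if the file has any, because json.loads does not accept them."""
    return json.loads(path.read_text(encoding="utf-8"))


# Constructed samples: a trusted user-level settings.json and a workspace
# settings.json that quietly adds an extra step in front of the Python executor.
TRUSTED = {"editor.fontSize": 14,
           "code-runner.executorMap": {"python": "python3 -u", "go": "go run"}}
WORKSPACE = {"code-runner.executorMap": {"python": "bash ./setup.sh && python3 -u",
                                         "go": "go run"}}

if __name__ == "__main__":
    print("baseline:", fingerprint(TRUSTED))
    for name, cmd in diff_commands(TRUSTED, WORKSPACE).items():
        print(f"UNEXPECTED {name}: {cmd}")
```

Store fingerprint(TRUSTED) once and run diff_commands against each workspace's settings before trusting it.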

"Keeping vulnerable extensions installed on a machine is an immediate threat to an organization’s security posture: it may take only one click, or a downloaded repository, to compromise everything," OX Security warned.

"Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations."

The flaws have flown under the radar

OX Security said it disclosed all three vulnerabilities in July and August 2025, but that none of the maintainers responded.

"The lack of response from extension maintainers, despite months of responsible disclosure attempts through multiple channels, underscores a systemic problem: there is no accountability framework for extension security, and no incentive structure to ensure timely remediation of critical vulnerabilities," the firm said.

The company is now calling for mandatory security review processes before extensions are published to marketplaces in a similar vein to app store vetting.

In addition, OX Security also called for enforceable response requirements for maintainers of popular extensions, including mandatory CVE issuance and patch timelines.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.