Security Update for Microsoft Visual Studio Code CoPilot Chat Extension (November 2025)

The Microsoft Visual Studio Code CoPilot Chat Extension prior to version 0.32.5. It is, therefore, affected by multiple vulnerabilities. - This vulnerability is a command injection flaw in the Visual Studio Code Copilot Chat Extension, where improper handling of special characters in...

Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803)

In VSTA 2019 prior 16.0.35907.0 and VSTA 2022 prior to 17.0.35906.0, the software contains a vulnerability CVE-2025-29803 that could allow remote or local attackers to execute arbitrary code or escalate privileges within the host application, potentially compromising systems that rely on VSTA for...

Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer

Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data...

ROS-20251124-01

A vulnerability in the ASP.NET Core software platform and Microsoft's software development tool, Visual Studio, is related to authentication bypass. Visual Studio is related to authentication bypass. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their...

CVE-2025-64660

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...

EUVD-2025-198368

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network...

CVE-2025-64660

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...

CVE-2025-64660

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...

CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

...

CVE-2025-64660

CVE-2025-64660 affects GitHub Copilot and Visual Studio Code with an improper access control flaw that enables an authorized attacker to execute code over a network. The vulnerability is described as a remote code execution issue due to access-control bypass, impacting Visual Studio Code and GitH...

CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

...

GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...

Microsoft Visual Studio Code 访问控制错误漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Visual Studio Code that stems from improper access control and could lead to bypassing security features...

KLA90452 SB vulnerability in Microsoft Developer Tools

A security feature bypass vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2025-64660 Related products Visual-Studio-Code CVE list CVE-2025-64660 critical Solution Install necessary update...

PT-2025-47646

Name of the Vulnerable Software and Affected Versions GitHub Copilot and Visual Studio Code affected versions not specified Description An issue with access control exists in GitHub Copilot and Visual Studio Code. This allows an authorized attacker to bypass a security feature over a network...

MAL-2025-191164 Malicious code in JScearcy.rust-doc-viewer (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1dbdd73bf66fbfde48d73e86ebfbb11ca8bb6f44ff57a5030596fc189f962ddf This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a30acc5c978ef579bc01603521f705b16016df5a2e72e44e1c0f3222ff2e6068 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191159 Malicious code in codejoy.codejoy-vscode-extension (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 6039e624de3c28cc21aa1c268dc71e67352c90ec642f4efc51fc47de34f9d47b This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191160 Malicious code in ellacrity.recoil (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c10eec28bf8da96caa61583697ae4e44102b7a4f1b84e361e0f609be824a79c6 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...

MAL-2025-191167 Malicious code in SIRILMP.dark-theme-sm (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a30acc5c978ef579bc01603521f705b16016df5a2e72e44e1c0f3222ff2e6068 This extension is malicious. When installed it runs an info stealer that exfiltrates user data including credentials and cryptocurrency...