Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.
The security issues impact Live Server (CVE-2025-65715), Code Runner (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned).
Researchers at application security company Ox Security discovered the flaws and have been trying to disclose them since June 2025. However, the researchers say that no maintainer responded.
Remote code execution in IDE
VSCode extensions are add-ons that expand the functionality of Microsoft’s integrated development environment (IDE). They can add language support, debugging tools, themes, and other functionality or customization options.
They run with significant access to the local development environment, including files, terminals, and network resources.
Ox Security published reports for each of the discovered flaws and warned that keeping the vulnerable extensions could expose the corporate environment to lateral movement, data exfiltration, and system takeover.
An attacker exploiting the CVE-2025-65717 critical vulnerability in the Live Server extension (over 72 million downloads on VSCode) can steal local files by directing the target to a malicious webpage.
The CVE-2025-65715 vulnerability in the Code Runner VSCode extension, with 37 million downloads, allows remote code execution by changing the extension’s configuration file. This could be achieved by tricking the target into pasting or applying a malicious configuration snippet in the global settings.json file.
Rated with a high-severity score of 8.8, CVE-2025-65716 affects the Markdown Preview Enhanced extension (8.5 million downloads) and can be leveraged to execute JavaScript via a maliciously crafted Markdown file.
Ox Security researchers discovered a one-click XSS vulnerability in versions of Microsoft Live Preview before 0.4.16. It can be exploited to access sensitive files on a developer’s machine. The extension has more than 11 million downloads on VSCode.
The flaws in the extensions also apply to Cursor and Windsurf, which are AI-powered VSCode-compatible alternative IDEs.
Ox Security’s report highlights that the risks associated with a threat actor leveraging the issues include pivoting on the network and stealing sensitive details like API keys and configuration files.
Developers are advised to avoid running localhost servers unless necessary, to avoid opening untrusted HTML while such servers are running, and to avoid applying untrusted configurations or pasting snippets into settings.json.
Also, it is advisable to remove unnecessary extensions and only install those from reputable publishers, while monitoring for unexpected setting changes.
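As an added illustration of the settings.json monitoring advised above (this is not code from Ox Security or from any of the extensions), the Python audit below compares a known-good snapshot of the file against its current state and rates any change under a Code Runner command-carrying key as high. The key names in COMMAND_KEYS are my assumption and should be checked against the extension's documentation.

```python
import json
# Keys whose values Code Runner hands to a shell (assumed names; check its docs).
COMMAND_KEYS = {"code-runner.executorMap", "code-runner.executorMapByFileExtension", "code-runner.customCommand"}

def load_settings(text):
    """Parse settings.json, dropping // comments that sit outside strings."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':  # copy string literals verbatim (URLs contain //)
            j = i + 1
            while j < n and text[j] != '"':
                j += 2 if text[j] == "\\" else 1
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("//", i):
            i = text.find("\n", i) % (n + 1)  # -1 (no newline) becomes n
        else:
            out.append(text[i])
            i += 1
    return json.loads("".join(out))

def flatten(obj, prefix=""):
    """Map each leaf to a path like 'code-runner.executorMap/python'."""
    if not isinstance(obj, dict):
        return {prefix: obj}
    flat = {}
    for k, v in obj.items():
        flat.update(flatten(v, f"{prefix}/{k}" if prefix else k))
    return flat

def audit_settings(baseline, current):
    """List leaves added or changed since the baseline; a change under a
    command-carrying key is rated high because that string gets executed."""
    before, after = flatten(baseline), flatten(current)
    findings = []
    for path, value in after.items():
        if before.get(path, object()) != value:
            severity = "high" if path.split("/", 1)[0] in COMMAND_KEYS else "info"
            findings.append({"path": path, "old": before.get(path), "new": value, "severity": severity})
    return findings

def demo():
    """Constructed sample: a known-good snapshot vs. settings.json after a pasted snippet."""
    baseline = '{"editor.fontSize": 14, "code-runner.executorMap": {"python": "python -u"}}'
    current = """{
      // constructed: the pasted snippet added an executor and a harmless option
      "editor.fontSize": 14, "files.autoSave": "afterDelay",
      "code-runner.executorMap": {"python": "python -u", "javascript": "node ./not-the-default.js"}
    }"""
    return audit_settings(load_settings(baseline), load_settings(current))
```

Run demo() against a baseline captured right after a clean install; every "high" finding names an executor string that the extension will run the next time that language is executed.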