The OX Research team has found vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE extensions, confirming that IDEs are the weakest link in an organization's supply chain security: low effort to exploit, high impact when exploited.
IDEs are the weakest link in an organization’s supply chain security, and extensions are often a blind spot for security teams. Developers store their most sensitive information – business logic, API keys, database configurations, environment variables, and sometimes even customer data – on their local file systems, all accessible through the IDE.
The OX Security Research team found vulnerabilities in four popular VS Code extensions (later confirmed on Cursor and Windsurf). Three were assigned CVEs – CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717 – totaling over 120 million downloads and posing a significant threat to developers worldwide.
Our research demonstrates that an attacker needs only one malicious extension, or a single vulnerability in one legitimate extension, to gain a foothold on a developer's machine, move laterally from it, and compromise an entire organization.
Research Findings
| CVE ID | Extension Name | CVSS Score | Downloads | Vulnerability | Affected Versions | Link |
|---|---|---|---|---|---|---|
| CVE-2025-65717 | Live Server | 9.1 | 72M+ | Remote file exfiltration | All versions | Marketplace |
| CVE-2025-65715 | Code Runner | 7.8 | 37M+ | Remote code execution | All versions | Marketplace |
| CVE-2025-65716 | Markdown Preview Enhanced | 8.8 | 8.5M+ | JavaScript code execution leading to local port scanning, with potential data exfiltration | All versions | Marketplace |
| None issued (and no proper credit given) | Microsoft Live Preview | N/A | 11M+ | One-click XSS leading to exfiltration of all files open in the IDE | Versions before 0.4.16 (fixed in v0.4.16 and later) | |
Read our full technical analysis:
- Live Server CVE-2025-65717
- Code Runner CVE-2025-65715
- Markdown Preview Enhanced CVE-2025-65716
- Microsoft Live Preview
Why Is It So Important?
Extensions are like little admins living inside your IDE. They run with the same privileges as the IDE process itself, so each one can read and write your files, open network connections, and spawn processes as your user. A poorly written extension, an overly permissive one, or an outright malicious one can therefore execute code, modify files, and let an attacker take over the machine and exfiltrate information.
Keeping a vulnerable extension installed is an immediate threat to an organization's security posture: it may take only one click, or one cloned repository, to compromise everything.
Potential Damage
- Lateral movement into the networks the development machine is connected to
- Data exfiltration and machine takeover: on a development machine running a localhost server, the vulnerabilities give a high likelihood of sensitive data exposure and, in the code-execution cases, full control of the machine
Recommendations
- Avoid opening untrusted HTML while localhost servers are running.
- Do not leave development servers running on localhost when you are not actively using them.
- Avoid applying untrusted configurations. Never paste or run snippets in the global settings.json that arrive by email, chat, or any other unverified source.
- Restrict extension risk. Install only trusted extensions, and monitor or back up settings.json so that unexpected changes are detected.
General Best Practices for protecting your development environment:
- Disable or Uninstall Non-Essential Extensions: Reduce your attack surface by disabling or uninstalling development tools, extensions, or services that are not actively required for your current work.
- Harden Your Local Network: Use a well-configured local firewall to restrict inbound and outbound connections for development services, ensuring they are only accessible when absolutely necessary and from trusted sources.
- Maintain a Rigorous Update Schedule: Establish a routine for immediately applying security updates for all software, including IDEs, extensions, operating systems, and development dependencies, to address known vulnerabilities quickly.
Responsible Disclosure
We disclosed the three CVE-assigned vulnerabilities to their maintainers in July and August 2025. We reached out through multiple channels, including direct email, the projects' GitHub pages, and social networks. To date, none of those maintainers have responded.
Conclusions
The vulnerabilities discovered in these widely adopted VS Code extensions – collectively downloaded over 128 million times – expose a critical blind spot in modern development security. While organizations invest heavily in securing production environments, the developer’s local machine remains a largely unprotected gateway to an organization’s most sensitive assets.
The lack of response from extension maintainers, despite months of responsible disclosure attempts through multiple channels, underscores a systemic problem: there is no accountability framework for extension security, and no incentive structure to ensure timely remediation of critical vulnerabilities.
This cannot continue.
Several solutions exist to address this crisis:
- Mandatory security review processes before extensions are published to marketplaces, similar to app store vetting
- Automated vulnerability scanning using AI-powered security testing tools to analyze new extensions before they reach developers
- Enforceable response requirements for maintainers of popular extensions, including mandatory CVE issuance and patch timelines
The current "install at your own risk" model is no longer tenable. With AI coding assistants accelerating development velocity and increasing reliance on IDE extensions, the attack surface is growing fast. Security must start at the source, and that means securing the tools developers use every day.