Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely.

OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code remotely. These extensions have been installed over 125 million times, putting many users at risk.

“The OX Security Research team found vulnerabilities in four popular VS Code extensions (later confirmed on Cursor and Windsurf). Three were assigned CVEs, CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, totaling over 120 million downloads and posing a significant threat to developers worldwide,” reads the report published by OX Security. “Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations.”

Below are the flaws discovered by the researchers:

CVE ID | Extension name | CVSS score | Downloads | Vulnerability | Affected versions | Link
CVE-2025-65717 | Live Server | 9.1 | 72M+ | Remote file exfiltration | All versions | Marketplace
CVE-2025-65715 | Code Runner | 7.8 | 37M+ | Remote code execution | All versions | Marketplace
CVE-2025-65716 | Markdown Preview Enhanced | 8.8 | 8.5M+ | JavaScript code execution leading to local port scanning with potential data exfiltration | All versions | Marketplace
No CVE issued | Microsoft Live Preview | (not given) | 11M+ | One-click XSS to full IDE files exfiltration | Fixed in v0.4.16+ (no CVE issued, no proper credit) | (not given)

IDE extensions act like mini-admins with broad access to users’ systems. If users install poorly designed or malicious extensions, attackers can run code, modify files, and take over their machines. Opening a project or clicking a file can let attackers move laterally, steal data, and gain full control, putting sensitive information at high risk.

Researchers disclosed the three vulnerabilities in July-August 2025 but received no response from the maintainers, despite reaching out via email, GitHub, and social media. Months of disclosure attempts went unanswered, highlighting a systemic issue: extension security lacks accountability and incentives for timely fixes. The experts remark that the current “install at your own risk” model is no longer safe. Solutions include mandatory security reviews before publishing, AI-powered vulnerability scanning, and enforceable maintainer response rules. As AI coding assistants speed development and reliance on extensions grows, securing developer tools must start at the source.

The experts recommend that users avoid opening untrusted HTML while localhost servers are running and avoid running unnecessary servers. They should never paste or run unverified snippets in the global settings.json. Users should install only trusted extensions, monitor or back up settings.json, disable or remove non-essential extensions, harden local networks with firewalls, and promptly apply security updates to IDEs, extensions, the OS, and development dependencies.

“The vulnerabilities discovered in these widely adopted VS Code extensions, collectively downloaded over 128 million times, expose a critical blind spot in modern development security,” concludes the report. “While organizations invest heavily in securing production environments, the developer’s local machine remains a largely unprotected gateway to an organization’s most sensitive assets.”

Pierluigi Paganini (SecurityAffairs hacking, VS Code extensions)
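As an added defensive example (not code from the OX Security report or from any of the extensions' maintainers), the script below turns two of the recommendations above into a check: it flags installed extensions that the table lists as affected, treating Live Preview as fixed from v0.4.16, and hashes settings.json so changes can be detected against a recorded baseline. The marketplace extension IDs and the sample version numbers are assumptions, not values taken from the page.

```python
import hashlib
import subprocess
# Marketplace IDs for the four extensions named in the report (the IDs are assumed; the page
# gives display names only). Value: (first fixed version, or None for "all versions", summary).
AFFECTED = {
    "ritwickdey.liveserver": (None, "CVE-2025-65717 remote file exfiltration"),
    "formulahendry.code-runner": (None, "CVE-2025-65715 remote code execution"),
    "shd101wyy.markdown-preview-enhanced": (None, "CVE-2025-65716 JS execution / port scan"),
    "ms-vscode.live-server": ((0, 4, 16), "one-click XSS to IDE file exfiltration"),
}

# Constructed sample of `code --list-extensions --show-versions` output; versions are made up.
SAMPLE_LISTING = """\
ms-python.python@2025.2.0
ritwickdey.liveserver@5.7.9
ms-vscode.live-server@0.4.15
shd101wyy.markdown-preview-enhanced@0.8.18
"""

def parse_version(text):
    """'0.4.16' -> (0, 4, 16); a suffix such as '16-insiders' keeps only its digits."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def find_vulnerable(listing):
    """One finding per installed extension that the advisory marks as affected."""
    findings = []
    for line in listing.splitlines():
        ext_id, sep, version = line.strip().rpartition("@")
        entry = AFFECTED.get(ext_id.lower()) if sep else None
        if entry is None:
            continue
        fixed, summary = entry
        if fixed is None or parse_version(version) < fixed:
            findings.append(f"{ext_id}@{version}: {summary}")
    return findings

def settings_drift(current_bytes, baseline_digest):
    """Hash settings.json and compare with a digest recorded earlier (None on the first run)."""
    digest = hashlib.sha256(current_bytes).hexdigest()
    return baseline_digest is not None and baseline_digest != digest, digest

if __name__ == "__main__":
    try:  # fall back to the constructed sample when the `code` CLI is unavailable
        out = subprocess.check_output(["code", "--list-extensions", "--show-versions"], text=True)
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_LISTING
    print("\n".join(find_vulnerable(out)) or "no advisory-listed extensions installed")
```

Record the digest returned by settings_drift after a known-good edit, and re-run the check from a scheduled task or pre-commit hook so an unexpected change to settings.json is noticed before the next launch of the IDE.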
Published: 2026-02-18T15:14:33