Popular Visual Studio Code extensions with more than 125 million installs have been found vulnerable to attacks that enable local file theft and arbitrary code execution on developers’ machines. Research by OX Security highlights serious security flaws in four widely used extensions: Live Server, Code Runner, Markdown Preview Enhanced and Microsoft Live Preview.
Why Visual Studio Code Extension Vulnerabilities Threaten Business Security
Modern software supply chains depend on integrated development environments (IDEs) and their plugins as much as on dependencies and build tools. Visual Studio Code extensions routinely access the file system, start local HTTP servers and communicate with external services. This effectively turns them into a full-fledged attack surface within the software supply chain.
According to OX Security, a single vulnerable or malicious extension may be enough for an attacker to move laterally inside a corporate environment and compromise the entire organization. For enterprise development teams, this translates into a heightened risk of leaking source code, secrets (API keys, access tokens), CI/CD configurations and other sensitive artifacts.
This risk is amplified by the popularity of VS Code. Stack Overflow’s Developer Survey consistently ranks Visual Studio Code as the most widely used IDE worldwide, which makes its ecosystem a high‑value target for threat actors seeking scalable supply chain entry points.
Live Server (CVE-2025-65717): Local File Theft via Localhost
The most severe issue identified is CVE-2025-65717 in the Live Server extension, rated 9.1 on the CVSS scale. Live Server spins up a local HTTP server, typically on localhost:5500, to preview web pages during development. The vulnerability stems from how the extension handles browser requests to this local server.
In a realistic attack scenario, a threat actor lures a developer to a specially crafted malicious website while Live Server is active. JavaScript embedded in the page silently sends requests to localhost:5500, reads files from the victim’s machine and exfiltrates them to an attacker-controlled domain. The browser is effectively abused as a proxy for data exfiltration over localhost.
The root cause is the lack of robust isolation and origin checks on incoming HTTP requests to the local server. Without enforcing strict controls, any website the developer visits can potentially query the local service. At the time of writing, no patch is available for CVE-2025-65717.
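The missing control described above, sketched as an added example (it is not Live Server's or Live Preview's code): a header gate that a localhost preview server can apply before serving any file. The names `checkLocalRequest` and `gate` are hypothetical, and port 5500 is taken from the scenario above.

```javascript
// Added example (not Live Server code): header gate for a localhost preview server.
const LOOPBACK = ['localhost', '127.0.0.1', '[::1]'];

// Decide from the request headers alone whether the request may be served.
// `port` is the port the preview server listens on (5500 in the scenario above).
function checkLocalRequest(headers, port) {
  const allowedHosts = LOOPBACK.map((h) => `${h}:${port}`);

  // 1. Host must name loopback on our port. A DNS-rebinding request carries the
  //    foreign hostname in Host even though it resolved to 127.0.0.1.
  const host = String(headers.host || '').toLowerCase();
  if (!allowedHosts.includes(host)) return { ok: false, reason: 'bad-host' };

  // 2. If the browser sent Origin, it must be this server's own origin.
  //    "null" (sandboxed frames, file: pages) is rejected as well.
  if (headers.origin !== undefined) {
    const origin = String(headers.origin).toLowerCase();
    if (!allowedHosts.some((h) => origin === `http://${h}`)) {
      return { ok: false, reason: 'cross-origin' };
    }
  }

  // 3. Fetch metadata: refuse anything the browser labels as initiated by another site.
  const site = headers['sec-fetch-site'];
  if (site !== undefined && site !== 'same-origin' && site !== 'none') {
    return { ok: false, reason: 'cross-site-fetch' };
  }
  return { ok: true, reason: 'local' };
}

// Wrap a normal (req, res) handler; use as http.createServer(gate(5500, handler)).
function gate(port, handler) {
  return (req, res) => {
    const verdict = checkLocalRequest(req.headers, port);
    if (!verdict.ok) {
      res.writeHead(403, { 'Content-Type': 'text/plain' });
      res.end(`forbidden: ${verdict.reason}\n`);
      return;
    }
    // No Access-Control-Allow-Origin header is added, so other origins cannot read responses.
    handler(req, res);
  };
}
```

Requests without an `Origin` header, such as a typed URL, pass only when the `Host` check and fetch metadata agree that they are local.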
Markdown Preview Enhanced (CVE-2025-65716): JavaScript Execution from Markdown
The Markdown Preview Enhanced extension is affected by CVE-2025-65716, scored 8.8 on CVSS. The plugin offers rich markdown preview features, including support for embedded HTML and scripts. OX Security demonstrated that opening a specially crafted markdown file could trigger execution of arbitrary JavaScript code.
Once an attacker can run JavaScript in the context of the extension, they can enumerate local ports, interact with services exposed on localhost and initiate data leakage. This vector is particularly dangerous in shared repositories where malicious documentation can be disguised as harmless markdown files. A fix for CVE-2025-65716 is not yet available.
Code Runner (CVE-2025-65715): Remote Code Execution via Malicious Settings
The Code Runner extension, designed for quickly executing code snippets in multiple languages, contains a configuration-based remote code execution flaw tracked as CVE-2025-65715 with a 7.8 CVSS score.
To exploit this issue, an attacker only needs to persuade a developer—via phishing, misleading documentation or social engineering—to modify the settings.json file where VS Code stores extension configurations. By injecting or altering specific settings, a threat actor can replace the legitimate run command with a command that executes arbitrary code on the victim’s workstation. At the time of publication, no official patch has been released for this vulnerability.
Microsoft Live Preview: Similar File Exfiltration Bug Already Patched
A similar class of vulnerability was discovered in Microsoft Live Preview. Like Live Server, this extension uses a local HTTP server to render web pages in the browser. A malicious website could send JavaScript requests to localhost and read sensitive files from the developer’s machine.
According to OX Security, Microsoft addressed the issue in version 0.4.16, released in September 2025. Although the problem was not assigned a separate CVE identifier, its root cause mirrors the Live Server bug: insufficient restrictions on how the browser can talk to the local preview server.
Practical VS Code Security Best Practices for Organizations
The incident underscores that IDEs must be treated as high-value security assets, not just productivity tools. Compromising a developer environment often yields direct access to confidential code, internal tooling and production credentials.
Strengthen extension governance and configuration control
OX Security recommends avoiding unverified or externally imposed configuration changes, especially edits to settings.json suggested by third-party guides or snippets. Organizations should standardize an approved extension baseline, perform regular extension audits and remove unused plugins to reduce the attack surface.
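One way to automate the baseline audit and settings review recommended above, as an added example that is not from OX Security or the article. It assumes the Marketplace ID `ms-vscode.live-server` for Microsoft Live Preview and the Code Runner settings that define the commands it runs; the baseline, extension list and settings contents are constructed samples.

```javascript
// Added example: audit helpers. IDs and setting names are assumptions, not from the article.
// Approved baseline: lowercase extension ID -> minimum approved version.
const BASELINE = new Map([
  ['ms-vscode.live-server', '0.4.16'],   // Live Preview: fixed in 0.4.16 per the article
  ['example.approved-tool', '1.0.0'],    // constructed placeholder entry
]);

// Code Runner settings that let configuration define the command it executes.
const COMMAND_SETTINGS = ['code-runner.executorMap', 'code-runner.executorMapByGlob',
  'code-runner.executorMapByFileExtension', 'code-runner.customCommand'];

// Compare dotted numeric versions; negative when a < b.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// listText: output of `code --list-extensions --show-versions` (one id@version per line).
function auditExtensions(listText, baseline) {
  const findings = [];
  for (const line of listText.split('\n').map((l) => l.trim()).filter(Boolean)) {
    const at = line.lastIndexOf('@');
    const id = (at > 0 ? line.slice(0, at) : line).toLowerCase();
    const version = at > 0 ? line.slice(at + 1) : '0';
    if (!baseline.has(id)) findings.push({ id, version, issue: 'not-in-baseline' });
    else if (cmpVersion(version, baseline.get(id)) < 0) {
      findings.push({ id, version, issue: 'below-minimum' });
    }
  }
  return findings;
}

// settingsText: a user or workspace settings.json. Strict JSON is assumed here;
// files containing comments need a JSONC parser instead of JSON.parse.
function auditSettings(settingsText) {
  const settings = JSON.parse(settingsText);
  return COMMAND_SETTINGS.filter((k) => Object.hasOwn(settings, k))
    .map((k) => ({ key: k, value: settings[k] }));
}

// Constructed sample inputs (versions are illustrative, not real release numbers).
const SAMPLE_LIST = 'example.approved-tool@1.2.0\nms-vscode.live-server@0.4.15\nritwickdey.LiveServer@5.7.9\n';
const SAMPLE_SETTINGS = '{"editor.fontSize": 14, "code-runner.executorMap": {"python": "python3 -u"}}';
```

A flagged settings key is not proof of compromise; it marks a command override that someone should compare against the organization's managed configuration.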
Harden localhost and network exposure
Where feasible, teams should restrict inbound and outbound connections using host-based and network firewalls, including limiting browser access to localhost services. Local preview servers and other development daemons should be disabled or stopped when not actively required, shrinking the time window available for localhost exfiltration attacks.
Embed IDEs into the enterprise threat model
Organizations benefit from integrating VS Code and other IDEs into their formal threat modeling and security policies. This includes monitoring for vulnerable extensions, enforcing timely updates, implementing configuration management, and educating developers on risky behaviors such as opening untrusted projects or markdown files.
Poorly designed or over-privileged extensions—and outright malicious plugins—can modify files, execute arbitrary commands and ultimately provide a complete foothold on a developer workstation. It may take only one click on a malicious link or one cloned repository with a booby-trapped configuration for a vulnerable extension to become the initial access vector to a corporate network. By tightening governance around IDEs, curating extension usage and raising developer awareness, organizations can significantly reduce the likelihood that the next VS Code plugin vulnerability will escalate into a full-scale supply chain incident.