Researchers have uncovered vulnerabilities in four widely used VS Code extensions, collectively installed more than 125 million times, raising renewed concerns about the security of the modern software development supply chain.
The affected extensions, Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview, integrate directly into the Microsoft Visual Studio Code IDE, a development environment relied upon by millions of programmers worldwide.
The findings were disclosed by OX Security researchers, who warned that the risks extend far beyond individual developer machines. “Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations,” they said in a report detailing the flaws.
According to Bustan and Zadok, development environments represent a critical weakness in enterprise defenses. “IDEs are the weakest link in an organization’s supply chain security, and extensions are often a blind spot for security teams. Developers store their most sensitive information, business logic, API keys, database configurations, environment variables, and sometimes even customer data, on their local file systems, all accessible through the IDE.”
High-Risk VS Code Extensions Expose Millions of IDE Installations
The research team identified vulnerabilities in four popular VS Code extensions, findings that were later confirmed on Cursor and Windsurf. Three of the flaws were assigned Common Vulnerabilities and Exposures (CVE) identifiers:
- CVE-2025-65717: Live Server – CVSS score of 9.1 – more than 72 million downloads – Remote file exfiltration – All versions affected
- CVE-2025-65715: Code Runner – CVSS score of 7.8 – more than 37 million downloads – Remote code execution – All versions affected
- CVE-2025-65716: Markdown Preview Enhanced – CVSS score of 8.8 – more than 8.5 million downloads – JavaScript code execution leading to local port scanning with potential data exfiltration – All versions affected
A fourth issue affected Microsoft Live Preview, which has over 11 million downloads. Researchers described it as a “One-Click XSS to full IDE files exfiltration” vulnerability. It was fixed in version 0.4.16 and later, but no CVE identifier was assigned, and the researchers stated they did not receive proper credit.
Altogether, the three CVE-tracked vulnerabilities account for more than 120 million downloads. Including Microsoft Live Preview, the total exposure surpasses 128 million installations.
Why IDE Extensions Are a Weak Link in the Software Supply Chain
Extensions inside an IDE operate with extensive privileges. They can read and modify files, execute code, and interact with local servers. While these capabilities improve productivity, they also expand the attack surface. Poorly written, overly permissive, or malicious VS Code extensions can allow attackers to execute arbitrary code, extract sensitive data, or take control of a developer’s system.
The researchers emphasized that keeping vulnerable extensions installed presents an immediate threat to organizational security posture. In some scenarios, exploitation could require nothing more than opening a malicious HTML file while a localhost server is running or downloading a compromised repository. Because development machines often connect to internal systems, a single compromised IDE could enable lateral movement across corporate networks, amplifying the impact across the broader supply chain.
The potential consequences outlined in the report include:
- Lateral movement within connected networks.
- Data exfiltration and system takeover when exploited on a development machine running a localhost server.
- Exposure of sensitive assets such as API keys, database credentials, proprietary code, and configuration files.
Given the central role developers play in building and maintaining applications, a breach originating from vulnerable VS Code extensions can ripple outward, affecting production systems and customers.
Responsible Disclosure Raises Questions
The researchers disclosed the three CVE-tracked vulnerabilities in July and August 2025. According to the team, none of the maintainers responded to their outreach. They reported attempting contact through direct email, GitHub pages, and social networks, but received no response.
The lack of engagement highlights what the researchers describe as a systemic issue: no clear accountability framework for extension security and no enforceable requirements for timely remediation. Without structured oversight, organizations remain dependent on individual maintainers to address flaws in widely adopted VS Code extensions that directly impact supply chain security.
To mitigate risk, the researchers advised developers to avoid opening untrusted HTML files while localhost servers are running and to refrain from operating unnecessary local servers. They also cautioned against applying untrusted configurations, particularly snippets pasted into global settings.json files from emails, chats, or unverified sources.
Organizations should limit extension-related exposure by installing only trusted extensions, monitoring or backing up settings.json files to detect unexpected changes, disabling non-essential tools, hardening local networks with properly configured firewalls, and maintaining a rigorous update schedule for the IDE, extensions, operating systems, and development dependencies.
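One concrete way to act on the advice above about monitoring settings.json for unexpected changes is a small drift check that keeps a baseline copy of the file, parses VS Code's comment-tolerant JSON, and reports added or changed keys, flagging those whose names suggest they control what an extension executes or which hosts it talks to. The script below is an added example written for this article, not code from OX Security or from any of the extensions named; the key-name patterns, the file paths and the sample settings content are constructed assumptions and should be tuned to your own environment.

```python
"""Drift check for a VS Code user settings.json (added example, not from the article).

Assumptions (hypothetical): the baseline location, the "sensitive" key-name
patterns and the sample settings below are made up for illustration.
"""
import hashlib
import json
import re
from pathlib import Path

# Heuristic substrings that often appear in keys controlling what an extension
# runs or where it connects. Constructed list; extend it for your extensions.
SENSITIVE_KEY_PATTERNS = ("executor", "command", "shell", "proxy", "host", "url")


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside strings and trailing commas so
    VS Code's JSONC settings file can be parsed with json.loads."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep escaped char verbatim
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):        # line comment: skip to newline
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text.startswith("/*", i):        # block comment: skip to */
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    # Trailing commas before } or ]; simple regex, assumes none inside strings.
    return re.sub(r",\s*([}\]])", r"\1", "".join(out))


def parse_settings(text: str) -> dict:
    """Parse a settings.json body (JSONC) into a dict."""
    return json.loads(strip_jsonc(text))


def flatten(obj, prefix: str = "") -> dict:
    """Flatten nested objects into dotted path -> canonical JSON value."""
    flat = {}
    if isinstance(obj, dict) and obj:
        for k, v in obj.items():
            flat.update(flatten(v, f"{prefix}{k}."))
    else:
        flat[prefix.rstrip(".")] = json.dumps(obj, sort_keys=True)
    return flat


def diff_settings(baseline_text: str, current_text: str) -> dict:
    """Compare two settings.json bodies; flag added/changed keys whose names
    match the sensitive patterns."""
    old, new = flatten(parse_settings(baseline_text)), flatten(parse_settings(current_text))
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    suspicious = sorted(
        k for k in added + changed
        if any(p in k.lower() for p in SENSITIVE_KEY_PATTERNS)
    )
    return {"added": added, "removed": removed, "changed": changed, "suspicious": suspicious}


def check_file(settings_path: Path, baseline_path: Path) -> dict:
    """Create the baseline on first run; afterwards report drift and the
    current file hash so a change can be tied to a point in time."""
    current = settings_path.read_text(encoding="utf-8")
    digest = hashlib.sha256(current.encode("utf-8")).hexdigest()
    if not baseline_path.exists():
        baseline_path.write_text(current, encoding="utf-8")
        return {"status": "baseline-created", "sha256": digest}
    report = diff_settings(baseline_path.read_text(encoding="utf-8"), current)
    report.update(status="compared", sha256=digest)
    return report


# Constructed sample: a baseline and a later copy with a pasted snippet.
BASELINE = """{
  // editor prefs
  "editor.fontSize": 14,
  "files.autoSave": "afterDelay",
}"""
CURRENT = """{
  "editor.fontSize": 14,
  "files.autoSave": "off",
  /* snippet pasted from a chat message */
  "example-ext.runCommand": { "python": "python -u" },
  "example-ext.proxyHost": "example.invalid",
}"""

if __name__ == "__main__":
    print(json.dumps(diff_settings(BASELINE, CURRENT), indent=2))
```

In practice you would point check_file at the real user settings path for your platform and run it from a scheduled task or an endpoint agent; anything in the suspicious list is worth a look before the next build runs, since the flagged keys are the ones that change what an extension executes or where it sends data.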