Flaws in Popular IDE Extensions Allow Data Exfiltration

By Team-CWD, February 20, 2026


Researchers at OX Security have detected four vulnerabilities in three of the most popular integrated development environments (IDEs) that could lead to cyber-attacks.

In a report published on February 17, OX Security shared details about the four new flaws, including two high-severity and one critical, affecting Microsoft Visual Studio Code (VS Code).

These vulnerabilities also impact Cursor and Windsurf, two forks of VS Code that provide AI-assisted software development tools (aka ‘vibe coding’ platforms).

The affected extensions were collectively downloaded over 128 million times.

The researchers warned that despite disclosing the vulnerabilities to these platforms’ maintainers in July and August 2025 through multiple channels, including direct email, their GitHub pages and social networks, none have yet responded.

Three of the vulnerabilities were disclosed by MITRE on February 16 and each was allocated a Common Vulnerabilities and Exposures (CVE) identifier.

Vulnerabilities Affecting VS Code and ‘Vibe Coding’ Forks

The vulnerabilities described include:

  • CVE-2025-65717 (CVSS v3.1 score: 9.1) is a vulnerability in the Live Server extension for VS Code – with over 72 million downloads – that allows a remote, unauthenticated attacker to exfiltrate files from a developer’s local machine. OX Security warned that attackers only need to send a malicious link to the victim while Live Server is running in the background to exploit the flaw
  • CVE-2025-65716 (CVSS v3.1 score: 8.8) is a vulnerability in Markdown Preview Enhanced, a VS Code extension with over 8.5 million downloads designed to provide a richer Markdown authoring experience. It allows attackers to exploit how Markdown files preview HTML tags in order to execute arbitrary JavaScript code. Because that code is able to communicate with localhost, maliciously crafted Markdown files can scan the current local network and exfiltrate data to a remote server
  • CVE-2025-65715 (CVSS v3.1 score: 7.8) is a vulnerability in Code Runner – an extension with over 37 million downloads – that allows attackers to execute arbitrary code (RCE) by convincing a user to alter the “settings.json” file through phishing or social engineering
  • A fourth vulnerability in Microsoft Live Preview (over 11 million downloads) allows attackers to access sensitive files on a developer’s machine by tricking a victim into visiting a malicious website when the extension is running, which then enables specially crafted JavaScript requests targeting the localhost to enumerate and exfiltrate sensitive files

While OX Security claims that the first three vulnerabilities remain unpatched, the researchers said Microsoft silently fixed the fourth one in version 0.4.16 of VS Code released in September 2025. MITRE did not disclose the fourth vulnerability and it has not been assigned any CVE identifier.

Recommendations to IDE Users

OX Security said that the research demonstrated that a malicious hacker only needs to exploit a single vulnerability within one extension to perform lateral movement and compromise entire organizations.

These vulnerabilities “expose a critical blind spot in modern development security,” said the researchers.

“While organizations invest heavily in securing production environments, the developer’s local machine remains a largely unprotected gateway to an organization’s most sensitive assets.”

The OX Security report provided two sets of recommendations for IDE and vibe coding tool users to mitigate such vulnerabilities.

The first list of recommendations consists of workarounds that let users keep using the affected extensions without being impacted by potential exploits:

  • Avoid opening untrusted HTML while localhost servers are running
  • Avoid running servers on localhost
  • Avoid applying untrusted configurations. Never paste or run snippets in the global settings.json from emails, chats or unverified sources
  • Restrict extension risk. Only install trusted extensions, and monitor or back up settings.json to detect unexpected changes
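
One way to act on the last workaround, monitoring settings.json for unexpected changes, is a baseline comparison. The following is an added example, not code from the OX Security report or from any of the extensions. It assumes that `code-runner.` is the settings prefix used by Code Runner and that escalating keys under it is a reasonable policy; the sample files are constructed.

```python
import hashlib
import json
import re

# Assumption: "code-runner." is the settings prefix of the Code Runner extension.
WATCHED_PREFIXES = ("code-runner.",)
_STRING = r'"(?:\\.|[^"\\])*"'
_COMMENTS = re.compile(_STRING + r'|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(_STRING + r'|,(?=\s*[}\]])', re.S)

def load_jsonc(text):
    """Parse settings.json, which may hold comments and trailing commas."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_TRAILING.sub(keep_strings, _COMMENTS.sub(keep_strings, text)))

def fingerprint(settings):
    """Hash each top-level value so the baseline stores no setting contents."""
    return {key: hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()
            for key, value in settings.items()}

def diff_settings(baseline, current_text):
    """Return (severity, change, key) for every key that differs from the baseline."""
    current = fingerprint(load_jsonc(current_text))
    findings = []
    for key in sorted(set(baseline) | set(current)):
        if baseline.get(key) == current.get(key):
            continue
        change = ("added" if key not in baseline
                  else "removed" if key not in current else "modified")
        severity = "high" if key.startswith(WATCHED_PREFIXES) else "info"
        findings.append((severity, change, key))
    return findings

# Constructed sample files, not taken from the report.
BASELINE = """{
  // user settings when the baseline was recorded
  "editor.fontSize": 14,
  "http.proxy": "http://proxy.example:8080",
}"""
CHANGED = """{
  "editor.fontSize": 15,
  "http.proxy": "http://proxy.example:8080",
  /* block pasted from a chat message */
  "code-runner.executorMap": {"python": "<unreviewed command>"}
}"""

if __name__ == "__main__":
    for finding in diff_settings(fingerprint(load_jsonc(BASELINE)), CHANGED):
        print(*finding)
```

Store the fingerprint somewhere the IDE and its extensions cannot write, and run the comparison on a schedule or at login so a change is reviewed before the next time code is executed from the editor.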

In a second list of recommendations, the OX Security researchers outlined some general best practices for protecting IDEs:

  • Disable or uninstall non-essential extensions
  • Harden your local network by applying security controls like a well-configured local firewall to restrict inbound and outbound connections for development services
  • Maintain a rigorous update schedule that allows security updates to be applied immediately for all software, including IDEs, extensions, operating systems and development dependencies, to address known vulnerabilities quickly

Recommendations to IDE Extension Maintainers

Finally, the researchers also criticized the lack of response from extension maintainers despite months of responsible disclosure attempts through multiple channels.

“It underscores a systemic problem: there is no accountability framework for extension security and no incentive structure to ensure timely remediation of critical vulnerabilities,” they added.

They provided the maintainers of the affected extensions with some solutions to prevent such vulnerabilities from being exploited. These included:

  • Mandatory security review processes before extensions are published to marketplaces, similar to app store vetting
  • Automated vulnerability scanning using AI-powered security testing tools to analyze new extensions before they reach developers
  • Enforceable response requirements for maintainers of popular extensions, including mandatory CVE issuance and patch timelines


