VS Code security alert: critical vulnerabilities in Live Server and other extensions with more than 128 million downloads that allow exfiltered files and run code

A few months ago, researchers at the Ox Security security firm focused on a problem that should concern anyone who uses Visual Studio Code with many installed extensions: high-gravity to critical security failures in very popular supplements that, together, exceed 128 million downloads. These errors allow from exfiltration of local files to remote code execution within the development environment, which makes them an ideal gateway for attacks that end with committed credentials or lateral movement in corporate networks.

The identified vulnerabilities affect widely used extensions: Live Server, Code Runner, Markdown Preview Enhanced and Microsoft Live Preview. Ox Security published detailed analysis for each case and states that its investigators tried to notify the maintenance staff since June 2025 without a response, and they finally made the investigations public. For those who want to see the technical reports, Ox Security has specific entries on Live Server, Code Runner, Markdown Preview Enhanced and the vulnerability of Live Preview.

Live Server, with tens of millions of downloads, is particularly worrying: according to Ox Security, a malicious website can take advantage of the fault identified as CVE-2025-65717 to access local files when the developer has a local server running. This is not a simple "defacement" of a browser tab: a well-designed explosion can extract files with secrets (API keys, tokens, configuration files) directly from your machine. The technical analysis is available on the Ox Security blog about Live Server.

Code Runner, another massive extension, was pointed out by a vulnerability listed as CVE-2025-65715 that allows remote code execution by manipulating configurations. In particular, an attacker can induce the victim to enter or paste malicious snippets into the global settings.json file, which ends up altering the behavior of the code executor. If a malicious actor gets your configuration to point to an executable or arbitrary command, the door opens to run code with your privileges; Ox Security describes how you can create that scenario in your Code Runner report.

Markdown Preview Enhanced, which facilitates rendering Markdown documents within the editor, also presented a failure (CVE-2025-65716, score 8.8) that allows JavaScript to run from specially manipulated Markdown files. Since many developers open third-party documents or local preview, a malicious Markdown file may be enough to run scripts in the context of the extension with the consequences that this brings. The Ox Security technical report examines the attack vector and the conditions for its exploitation.

In addition, in old versions of Microsoft Live Preview, what researchers describe as an "one-click XSS" vulnerability that affects the versions prior to 0.4.16; properly exploited, allows access to sensitive files of the development system. For technical verification and concept testing, Ox Security published an article that documents the XSS in Live Preview.

Ox Security warns that these failures are not limited to the VS Code itself: compatible editors or forks that support VS Code extensions, such as Cursor or Windsurf, could also be exposed if they load these vulnerable extensions. The real risk goes beyond the committed file: an attacker with access can steal keys, pivote into the network and eventually take control of systems, which raises the threat at the organizational level.

If you use VS Code, what can you do right now? The first thing is to check if you have the affected extensions installed and check if your maintainers have released corrective updates. In addition, Microsoft provides extension security guidance and the Workspace Trust function, which help limit the execution of unreliable code; these guides should be read and applied. Ox Security also publishes practical recommendations in its reports, including avoiding to run unnecessary local servers, not opening unverified HTML while the local server is active and not sticking configuration fragments into settings.json from unconfirmed sources.

Beyond specific measures, it is prudent to apply a more restrictive extension policy: to maintain only those you really need, to prefer authors and editors with good reputation and to monitor unexpected changes in the VS Code configuration. For corporate environments, isolating development with remote environments or containers reduces local equipment exposure; VS Code Remote Development documentation can serve as a starting point for this type of mitigation.

Last but not least, responsible vulnerability management requires communication between researchers and managers. The lack of response to Ox Security notifications explains in part why these failures became public: when they are not corrected in time, the risk window is extended. To consult the technical notes and concept tests published by the discoverers, check the Ox Security analyses on Live Server, Code Runner, Markdown Preview Enhanced and Live Preview. To deepen how VS Code deals with extension security and work space confidence, Microsoft official documentation is a good resource.

The moral is clear: the extensions make an IDE an extremely powerful tool, but also an attack surface. Using extensions is not in itself insecure, but requires prudence, updates and controls so that the development environment does not become the entry by which the attackers steal secrets or take whole systems.