Severe VS Code Extension CVEs Expose Developers to RCE and File Exfiltration
A recent report highlighted a coordinated disclosure affecting four popular Visual Studio Code (VS Code) extensions: Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. Three of the issues are tracked as CVEs, and as of publication, no maintainer patches or official responses have been released, significantly affecting how defenders should approach mitigation.
This post breaks down what these CVEs are, which versions are in scope, whether exploitation is happening, and what actions security teams should prioritize right now.
What Are CVE-2025-65715, CVE-2025-65716 & CVE-2025-65717?
These vulnerabilities affect widely installed VS Code extensions that many developers treat as safe productivity tooling, even though they sit close to high-risk workflows like command execution, local preview servers, and rendering untrusted content.
- CVE-2025-65715 (CVSS 7.8) in Code Runner: risk centers on remote code execution when attacker-controlled settings influence how Code Runner builds and executes commands.
Details of CVE-2025-65715 (SOCRadar Vulnerability Intelligence)
- CVE-2025-65716 (CVSS 8.8) in Markdown Preview Enhanced: risk centers on JavaScript execution inside the Markdown preview context, enabling actions like local port enumeration and data exfiltration, with potential chaining paths depending on the environment.
- CVE-2025-65717 (CVSS 9.1) in Live Server: risk centers on local file exfiltration when a developer runs Live Server and then visits a malicious external webpage that can interact with the localhost server.
- A fourth vulnerability, not yet assigned a CVE, affects Microsoft Live Preview and enables one-click XSS attacks capable of exfiltrating sensitive files from the entire IDE environment.
This cluster matters because the most realistic initial access path is not “a remote scanner hits your server.” It is a developer opening a repo, previewing a file, or following a “helpful” configuration change.
Which VS Code Extensions & Versions Are Affected?
When documenting this issue for internal tracking or ticketing purposes, it is important to distinguish between two version scopes:
- Versions explicitly referenced in the CVE/NVD entries, and
- Versions the reporting researcher considers affected.
Versions Explicitly Named in CVE/NVD Records
The official CVE descriptions reference specific versions of the following extensions:
- Code Runner (formulahendry.code-runner): v0.12.2
- Markdown Preview Enhanced (shd101wyy.markdown-preview-enhanced): v0.8.18
- Live Server (ritwickdey.LiveServer): v5.7.9
These versions are directly cited in the vulnerability records.
Researcher-Assessed Scope
According to OX Security’s assessment, the vulnerabilities affecting the three non-Microsoft extensions apply to all versions rather than to isolated releases. This suggests the weaknesses stem from architectural or configuration-level design issues, not from a specific regression introduced in a single update.
In practical terms, this means that simply upgrading to a newer version may not fully mitigate the risk. Organizations should wait for maintainers to release and clearly document remediation or hardening measures before considering the issue resolved.
What About Microsoft Live Preview?
Microsoft Live Preview (microsoft/vscode-livepreview) was included in the same disclosure theme, but it was not assigned a CVE. The issue was described as a one-click XSS-class flaw in the local preview server that could enable local file read and exfiltration.
The key difference is patch posture: the fix was shipped in 0.4.16 (with later versions continuing from there). If your environment uses Live Preview, the immediate guidance is to update to 0.4.16 or later.
SOCRadar’s Vulnerability Intelligence
Security teams need clear visibility into emerging CVEs, exploit activity, and patch posture. To support this, SOCRadar’s Cyber Threat Intelligence module delivers enriched CVE intelligence, real-world exploitation signals, KEV tracking, and contextual risk analysis, helping organizations prioritize threats like CVE-2025-65717 and beyond with great accuracy and speed.
How Does Exploitation Work In Real Developer Workflows?
These issues are attractive because they align with common developer behaviors and trust assumptions.
Code Runner (CVE-2025-65715): When Settings Become A Command Execution Surface
Code Runner can execute code by building commands based on VS Code settings, including executor mappings. The reported abuse case is straightforward: if an attacker can get malicious values into those settings, they can influence how a command is constructed and trigger shell command injection when the developer runs code.
In practice, settings injection can happen through social engineering, a recommended configuration snippet, or a repo that includes workspace settings a developer trusts too quickly.
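One way to put that review into practice is to scan a repository's `.vscode/settings.json` for Code Runner executor overrides before anyone runs code from it. The script below is an added example, not code from SOCRadar or from the Code Runner project; it assumes the Code Runner setting keys listed in `EXECUTOR_KEYS` (which are the extension's real executor settings) and uses a constructed sample settings file.

```python
# Added example (not SOCRadar's or Code Runner's code): flag Code Runner
# executor overrides in a repository's .vscode/settings.json so they get the
# same review as a code change. Assumes the Code Runner setting keys listed
# in EXECUTOR_KEYS; the sample settings file below is constructed.
from __future__ import annotations
import json
import os
import re

# Settings whose string values Code Runner turns into shell commands.
EXECUTOR_KEYS = (
    "code-runner.executorMap",
    "code-runner.executorMapByFileExtension",
    "code-runner.executorMapByGlob",
    "code-runner.customCommand",
)

# Indicators that a command template does more than compile or run the file:
# download clients, encoding helpers, shell substitution, raw TCP devices.
HIGH_RISK = re.compile(
    r"\b(curl|wget|nc|ncat|certutil|powershell|iwr|iex|invoke-webrequest)\b"
    r"|/dev/tcp|base64|\$\(|`",
    re.IGNORECASE,
)

# Constructed sample of a repo-level settings file a developer might accept
# after opening an unknown repository. 203.0.113.0/24 is a documentation range.
SAMPLE_SETTINGS = r'''{
  // editor preferences look harmless and draw the eye away from the rest
  "editor.tabSize": 2,
  "code-runner.executorMap": {
    "python": "python -u",
    "javascript": "node $fullFileName; curl -s http://203.0.113.10/",
  },
  "code-runner.runInTerminal": true,
}'''


def strip_jsonc(text: str) -> str:
    """VS Code settings are JSON with comments and trailing commas; normalise
    them so json.loads accepts the file (a '//' inside a string is kept)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    return re.sub(r",(\s*[}\]])", r"\1", text)


def load_settings(text: str) -> dict:
    """Parse a settings.json body (JSON with comments) into a dict."""
    return json.loads(strip_jsonc(text))


def find_executor_overrides(settings: dict) -> list[dict]:
    """Return one finding per executor command defined at workspace level.

    Any override is worth a look ('review'), because the value runs in the
    developer's shell; templates carrying download or substitution
    indicators are marked 'high'."""
    findings = []
    for key in EXECUTOR_KEYS:
        value = settings.get(key)
        if value is None:
            continue
        entries = value.items() if isinstance(value, dict) else [("*", value)]
        for selector, command in entries:
            if not isinstance(command, str):
                continue
            severity = "high" if HIGH_RISK.search(command) else "review"
            findings.append(
                {"key": key, "selector": selector, "command": command, "severity": severity}
            )
    return findings


def scan_workspace(root: str) -> list[dict]:
    """Scan <root>/.vscode/settings.json; a missing file yields no findings."""
    path = os.path.join(root, ".vscode", "settings.json")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8") as fh:
        return find_executor_overrides(load_settings(fh.read()))


if __name__ == "__main__":
    for f in find_executor_overrides(load_settings(SAMPLE_SETTINGS)):
        print(f"[{f['severity']:6}] {f['key']}[{f['selector']}] = {f['command']}")
```

Run it against a checkout with `scan_workspace(".")`; a non-empty result is a reason to hold the PR, and a `high` finding is a reason to treat the repository as hostile. Flagging every override rather than only suspicious-looking ones is deliberate: a workspace that redefines how code is executed is itself the thing to review.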
Markdown Preview Enhanced (CVE-2025-65716): Treat Markdown Like Active Content
The reported issue allows a crafted markdown (.md) file to trigger arbitrary JavaScript execution in the preview context. From there, the attacker can pivot into actions that are especially relevant on developer endpoints, such as enumerating local services, probing ports, and exfiltrating data off-host.
The operational takeaway is simple: Markdown is often reviewed casually, but in this extension’s preview pipeline it can behave more like active web content than a passive document.
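If Markdown is active content in this pipeline, it deserves the kind of pre-merge check that HTML would get. The scanner below is an added example, not code from SOCRadar or from the Markdown Preview Enhanced project; it flags raw HTML constructs that execute in a JavaScript-capable preview and assumes the extension's code-chunk syntax (`{cmd=true}` after the fence language). The sample document is constructed.

```python
# Added example (not SOCRadar's or the extension's code): a pre-merge check
# that flags Markdown constructs which behave as active content in a
# JavaScript-capable preview. Assumes Markdown Preview Enhanced's code-chunk
# syntax (`{cmd=true}` after the fence language); the sample is constructed.
from __future__ import annotations
import re
import sys

FENCE = "`" * 3  # built this way so the sample holds no literal code fence

RULES = {
    "html-script": re.compile(r"<\s*script\b", re.I),
    "html-embed": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
    "inline-event-handler": re.compile(r"<[^>]*\son\w+\s*=", re.I),
    "javascript-url": re.compile(r"(\]\(|href\s*=\s*[\"']?)\s*javascript:", re.I),
    # A fenced block whose attributes ask the preview to run the code.
    "code-chunk-exec": re.compile(r"^\s*`{3,}\w*\s*\{[^}]*\bcmd\s*=", re.I),
}

# Constructed sample: ordinary notes with three active-content lines mixed in.
SAMPLE_MD = "\n".join([
    "# Release notes",
    "Normal *markdown* with a [link](https://example.com).",
    '<img src="logo.png" onerror="alert(1)">',
    FENCE + "bash {cmd=true}",
    "echo hello",
    FENCE,
    '<script>document.title = "changed"</script>',
])


def scan_markdown(text: str) -> list[tuple[int, str]]:
    """Return (line_number, rule) pairs, one per rule hit, in document order."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def scan_file(path: str) -> list[tuple[int, str]]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_markdown(fh.read())


if __name__ == "__main__":
    # With file arguments, behaves like a linter (non-zero exit on any hit);
    # without them, shows the rules against the constructed sample.
    targets = sys.argv[1:]
    if targets:
        results = [(p, h) for p in targets for h in scan_file(p)]
    else:
        results = [("<sample>", h) for h in scan_markdown(SAMPLE_MD)]
    for path, (lineno, rule) in results:
        print(f"{path}:{lineno}: {rule}")
    sys.exit(1 if results else 0)
```

Wire it into CI as `python scan_md.py $(git ls-files '*.md')` and the check fails on exactly the lines a reviewer would otherwise skim past. The rules are intentionally narrow; a hit is a prompt to look, not a verdict.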
Live Server (CVE-2025-65717): Localhost Is Not Automatically Safe
Live Server runs a local web server (commonly on localhost:5500) to serve project files. The reported exploit flow involves a developer browsing to an attacker-controlled webpage while Live Server is running. That webpage can then issue browser requests back to the localhost server and, due to insufficient cross-origin protections, enable file discovery and exfiltration from content being served locally.
This is a classic cross-origin to localhost risk pattern, but it is often missed in enterprise threat models because the service is “only local.”
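The checks a local preview server needs to close that pattern are small and worth seeing in code. The example below is added here and is not SOCRadar's or Live Server's code; it shows a loopback-only static server that refuses requests whose `Host`, `Origin` or `Sec-Fetch-Site` headers indicate a foreign page or a DNS-rebinding attempt, and sends `Cross-Origin-Resource-Policy: same-origin` so browsers discard cross-origin reads. It assumes the server listens on port 5500 (the port mentioned above); the header values in the test cases are constructed.

```python
# Added example (not SOCRadar's or Live Server's code): the request checks a
# local preview server needs so a page on another origin cannot read files
# from it. Assumes the server binds to a loopback address on port 5500.
from __future__ import annotations
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def split_host(host: str) -> tuple[str, str | None]:
    """Split a Host header into (name, port), handling bracketed IPv6."""
    if host.endswith("]") or ":" not in host.rsplit("]", 1)[-1]:
        return host, None
    name, _, port = host.rpartition(":")
    return name, port


def request_allowed(host: str, origin: str | None, fetch_site: str | None,
                    port: int = 5500) -> tuple[bool, str]:
    """Decide whether a request may be served, from three request headers.

    - Host must name a loopback address on the expected port, which defeats
      DNS rebinding (a public name that resolves to 127.0.0.1).
    - Sec-Fetch-Site, sent by current browsers on every request, reveals a
      cross-site initiator even for no-cors loads such as <script> or <img>.
    - Origin, when present, must itself be the loopback origin; 'null' and
      foreign origins are refused.
    """
    name, host_port = split_host(host.strip())
    if name.strip("[]").lower() not in LOOPBACK:
        return False, "Host is not a loopback address (possible DNS rebinding)"
    if host_port is not None and host_port != str(port):
        return False, "Host port does not match the preview server port"
    if fetch_site and fetch_site.lower() == "cross-site":
        return False, "cross-site request (Sec-Fetch-Site)"
    if origin is not None:
        parts = urlsplit(origin)
        if (parts.scheme != "http" or parts.hostname is None
                or parts.hostname.lower() not in LOOPBACK
                or (parts.port or 80) != port):
            return False, f"foreign Origin {origin!r}"
    return True, "ok"


class HardenedPreviewHandler(SimpleHTTPRequestHandler):
    """Static file handler that applies request_allowed to every GET/HEAD."""

    def _check(self) -> bool:
        allowed, reason = request_allowed(
            self.headers.get("Host", ""),
            self.headers.get("Origin"),
            self.headers.get("Sec-Fetch-Site"),
            port=self.server.server_address[1],
        )
        if not allowed:
            self.send_error(HTTPStatus.FORBIDDEN, reason)
        return allowed

    def do_GET(self):
        if self._check():
            super().do_GET()

    def do_HEAD(self):
        if self._check():
            super().do_HEAD()

    def end_headers(self):
        # CORP makes browsers drop the body of cross-origin no-cors loads;
        # no Access-Control-Allow-Origin header is ever sent.
        self.send_header("Cross-Origin-Resource-Policy", "same-origin")
        self.send_header("Cache-Control", "no-store")
        super().end_headers()


def serve(directory: str = ".", port: int = 5500) -> None:
    """Bind to 127.0.0.1 only; never 0.0.0.0, which would expose the LAN."""
    def handler(*args, **kwargs):
        return HardenedPreviewHandler(*args, directory=directory, **kwargs)
    with ThreadingHTTPServer(("127.0.0.1", port), handler) as httpd:
        print(f"serving {directory} on http://127.0.0.1:{port}")
        httpd.serve_forever()


if __name__ == "__main__":
    serve()
```

Two caveats apply. The `Sec-Fetch-Site` check relies on the browser sending that header, which older browsers do not; the `Host` and `Origin` checks and the CORP header still hold in that case. And none of this helps when the developer follows a link that opens the preview server's own origin, which is why the workflow advice below (do not leave preview servers running while browsing) still matters.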
Is There Active Exploitation or Public PoC Code?
At the time of writing, the available signals in the provided research indicate:
- No CISA KEV listing for CVE-2025-65715, CVE-2025-65716, or CVE-2025-65717 in the referenced KEV dataset snapshot, meaning they are not designated as “known exploited” in that catalog at that time.
- Public PoC demonstrations exist in the form of videos and illustrative payload examples or described exploit flows.
- No widely referenced “packaged modules” (for example, common exploit framework entries) were identified during the cited research pass.
For defenders, this usually means a familiar risk window: public awareness plus PoC guidance can accelerate copycat exploitation, especially against organizations with weak controls around extension installation and workspace trust.
What Should Defenders Do Now?
When patch status is uncertain, you need mitigations that remain effective even if the extension is still vulnerable.
Immediate Actions (High Confidence)
- Disable or uninstall the three extensions described as unpatched in the reporting: Live Server, Code Runner, and Markdown Preview Enhanced.
- Enforce extension allowlisting (or equivalent enterprise policy) so developers cannot silently add high-risk tooling extensions.
- Treat workspace settings and repo-level .vscode/settings.json as untrusted input:
  - Avoid opening unknown repos in a fully trusted context.
  - Review workspace settings changes in PRs with the same rigor as code changes, since they can influence execution behavior.
- Reduce localhost exposure during development:
  - Do not leave local preview servers running while browsing unknown sites.
- Consider broader endpoint controls that make exfiltration harder (for example, controlled egress paths), since multiple PoCs end in “send data off-host.”
Patch-Specific Action
- Microsoft Live Preview: update to 0.4.16 or later immediately.
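To turn the two action lists above into something a helpdesk can run on a workstation, the script below audits the installed extensions against the identifiers named in this post. It is an added example, not SOCRadar's code. It uses the VS Code CLI flags `--list-extensions --show-versions`, which print one `publisher.name@version` line per extension; the marketplace identifier for Microsoft Live Preview (`ms-vscode.live-server`) is an assumption, since the post names only the GitHub repository. The sample listing is constructed.

```python
# Added example (not SOCRadar's code): audit installed VS Code extensions
# against the identifiers named in the disclosure. Uses the VS Code CLI flags
# `--list-extensions --show-versions`; the marketplace id for Microsoft Live
# Preview (ms-vscode.live-server) is assumed. The sample listing is constructed.
from __future__ import annotations
import subprocess

# Extensions reported without a fix, keyed by lower-cased id (VS Code treats
# extension ids case-insensitively, and the CLI may print either case).
UNPATCHED = {
    "formulahendry.code-runner": "Code Runner (CVE-2025-65715)",
    "shd101wyy.markdown-preview-enhanced": "Markdown Preview Enhanced (CVE-2025-65716)",
    "ritwickdey.liveserver": "Live Server (CVE-2025-65717)",
}
# Extensions with a fixed release: the minimum acceptable version.
FIXED_IN = {"ms-vscode.live-server": "0.4.16"}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_LISTING = """\
ms-python.python@2024.22.0
ritwickdey.LiveServer@5.7.9
formulahendry.code-runner@0.12.2
ms-vscode.live-server@0.4.15
"""


def version_key(version: str) -> tuple[int, ...]:
    """'0.4.16' -> (0, 4, 16); non-numeric components count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def parse_listing(text: str) -> dict[str, str]:
    """Map lower-cased extension id -> installed version from CLI output."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if "@" not in line:
            continue
        ext_id, _, version = line.rpartition("@")
        installed[ext_id.lower()] = version
    return installed


def audit(installed: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (extension id, action, detail) for every extension of concern."""
    findings = []
    for ext_id, version in installed.items():
        if ext_id in UNPATCHED:
            findings.append((ext_id, "disable-or-uninstall",
                             f"{UNPATCHED[ext_id]} {version}: no fix published"))
        elif ext_id in FIXED_IN and version_key(version) < version_key(FIXED_IN[ext_id]):
            findings.append((ext_id, "update",
                             f"{version} installed, fixed in {FIXED_IN[ext_id]}"))
    return findings


def installed_extensions(cli: str = "code") -> dict[str, str]:
    """Query the VS Code CLI on this machine (use 'code-insiders' if needed)."""
    out = subprocess.run([cli, "--list-extensions", "--show-versions"],
                         capture_output=True, text=True, check=True).stdout
    return parse_listing(out)


if __name__ == "__main__":
    for ext_id, action, detail in audit(installed_extensions()):
        print(f"{action:22} {ext_id}: {detail}")
```

Because the researcher-assessed scope for the three unpatched extensions is all versions, the audit flags them on presence alone rather than comparing versions; only Live Preview gets a version threshold. When maintainers publish fixes, moving an entry from `UNPATCHED` to `FIXED_IN` is the whole change.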
