VS Code extensions left 128 million installs vulnerable to exploitation
Snapshot. A security firm identified dangerous defects inside four widely used IDE add-ons that together touch roughly 128 million developer installations. The finding moved from private disclosure in mid‑2025 to public advisories after maintainers failed to respond to several reports.
Attack mechanics and affected tools. The most severe weakness sits in Live Server, a local HTTP preview tool with around 72 million installs, and can be abused by a malicious web page while the server runs. Another flaw in Code Runner (≈ 37 million installs) lets crafted configuration entries invoke arbitrary commands, including reverse shells. A preview parser bug in Markdown Preview Enhanced (≈ 8.5 million installs) executes embedded content on file open and can harvest port or host data.
Microsoft patching and timeline. A separate cross‑site scripting issue in Microsoft's Live Preview (≈ 11 million installs) enabled enumeration and exfiltration of workspace files and secrets; Microsoft shipped a fix without prior public notice, according to the researchers. Three CVE identifiers were assigned and published on February 16, and at least one of the disclosed flaws carries a high severity score (~8.8 CVSS).
Broader supply‑chain context. The technical weaknesses exposed in these extensions are part of a larger pattern where attackers and misconfigurations abuse distribution and execution surfaces around developer tooling. Recent campaigns have shown adversaries can weaponize update channels, publisher accounts and off‑platform signaling to control implants, and that repository or environment configuration (for example, automations applied by hosted development environments) can give arbitrary commands the opportunity to run. Those complementary incidents illustrate how delivery and automation layers — not just extension code — can turn trusted developer workflows into attack vectors.
Operational impact and immediate guidance. Researchers urged immediate remediation steps for developers and security teams to reduce exposure. Recommended actions include disabling extensions not actively used, enforce extension allowlists where possible, avoid visiting untrusted web pages while local preview servers are running, and refuse unvetted configuration snippets. In addition, teams should rotate exposed secrets and signing credentials, revoke compromised publishing tokens, audit CI/CD pipelines for lateral misuse, and perform forensic checks on developer workstations that installed the affected extensions.
The episode highlights that developer tooling with broad host access can become an entry vector into enterprise environments, amplifying a single compromised workstation into lateral movement and credential theft risks. Organisations should treat IDE plugins and repo-sourced config as part of their software supply‑chain controls, harden developer endpoints accordingly, and push for marketplace changes such as stronger publisher controls, end‑to‑end signing of updates, and automated marketplace scanning to detect anomalous updates and behavior.
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you
VS Code repository configs can trigger executable actions in GitHub Codespaces
Orca Security says repository-defined Visual Studio Code settings used by GitHub Codespaces can be applied automatically and carry executable commands or terminal variables that run without explicit user approval, creating a vector for token theft and supply-chain abuse. Recent extension‑supply‑chain incidents (including poisoned VS Code extensions and resilient off‑platform command channels) show attackers are diversifying delivery and control mechanisms, meaning repo configs are an additional, potent trust boundary to defend.
Six Vulnerabilities in Major JavaScript Package Managers Expose Projects to Supply-Chain RCE
Security firm Koi disclosed six vulnerabilities across NPM, PNPM, VLT, and Bun that let attackers bypass common install-time protections and potentially achieve remote code execution. PNPM, VLT and Bun issued fixes quickly while NPM declined to change the behavior, leaving many projects exposed if they rely on Git or tarball dependencies without added protections.
React2Shell: Rapid, Large-Scale Exploitation Delivers Reverse Shells and XMRig Miners
A critical unauthenticated remote-execution flaw in React 19 (CVE-2025-55182) has been aggressively exploited, producing over 1.4 million attack attempts in a week and resulting in reverse shells and cryptocurrency-mining deployments. Defenders should combine urgent patching with network containment, WAF protections, and targeted hunts for post-exploitation artifacts while also checking exposed developer tooling and dependency integrity to reduce secondary attack surfaces.



