Your VS Code Extensions Might Be the Weakest Link in Your Security Chain

If you've ever thought of your development environment as a safe harbor from the chaos of endpoint security, researchers from OX Security would like a word. Four of the most popular Visual Studio Code extensions — collectively installed over 125 million times — contain critical vulnerabilities that could let attackers steal local files, execute arbitrary code, and compromise entire organizations from a single developer workstation.

The extensions in question read like a greatest hits list of developer productivity tools. Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview are extensions that countless developers install on day one and then forget about. That forgetting is exactly what makes this so dangerous.

The most severe vulnerability, tracked as CVE-2025-65717 with a CVSS score of 9.1, affects Live Server. The attack vector is almost comically simple: when Live Server is running its local development HTTP server on localhost:5500, an attacker only needs to trick a developer into visiting a malicious website. JavaScript embedded in that page can then crawl the local server, extract files from the development environment, and exfiltrate them to an attacker-controlled domain. No exploit code needed, no complex payload required. Just a link and a running extension.

Markdown Preview Enhanced carries CVE-2025-65716 with a CVSS score of 8.8. Here, the attack requires uploading a crafted markdown file to a repository or shared location where a developer might reasonably open it. Once previewed, arbitrary JavaScript executes within the context of the extension, enabling port enumeration and data theft. For organizations that share documentation through Git repositories, this represents a particularly insidious vector.

Code Runner presents a different flavor of risk with CVE-2025-65715, scored at 7.8. This vulnerability requires convincing a user to modify their settings.json file through social engineering or phishing. While the bar is slightly higher, anyone who has received a "helpful" Stack Overflow snippet or configuration recommendation knows that developers routinely copy configuration from external sources.

Microsoft's own Live Preview extension rounded out the findings, though the company quietly patched the issue in version 0.4.16 back in September 2025 without assigning a CVE or making any announcement. The vulnerability allowed sensitive file access through localhost requests when the extension was active, following the same pattern as Live Server but through a different mechanism.

What makes these findings particularly troubling for security teams is the organizational exposure. The OX Security researchers emphasized that a single compromised extension or a single vulnerability within any extension is sufficient to perform lateral movement and compromise entire organizations. Developer machines typically have access to source code repositories, internal APIs, deployment credentials, and production secrets. A foothold on a developer workstation is often more valuable than breaching a hardened production server.

Three of the four vulnerabilities remain unpatched as of this writing. The Live Server maintainers have not issued a fix for the 9.1-severity flaw, Markdown Preview Enhanced remains vulnerable, and Code Runner continues to present risks through its settings modification attack surface.

Organizations should take immediate action to audit their development environments. Security teams should inventory which VS Code extensions are installed across the development population and assess whether each extension is genuinely necessary. Non-essential extensions should be disabled or removed entirely. For extensions that must remain, ensuring they're updated to the latest available version is critical, though as noted, patches don't yet exist for most of these vulnerabilities.

Network hardening provides an additional layer of defense. Restricting inbound and outbound connections through local firewalls can limit the impact of localhost-based attacks. Developers should also consider turning off localhost-based services when not actively in use, though this admittedly conflicts with the convenience these extensions provide.

The broader lesson here extends beyond these specific CVEs. Developer tooling has historically received less security scrutiny than production infrastructure, yet it often holds the keys to that very infrastructure. Extension marketplaces for VS Code, JetBrains IDEs, and browser developer tools represent a vast attack surface that security teams rarely monitor. As organizations continue to shift left on security, the tools developers use to build software deserve the same paranoid attention as the software they produce.

For organizations using VS Code, the recommended response is to immediately audit extension installations, remove anything unnecessary, update what remains, and begin treating the development environment with the same defensive posture applied to endpoints handling sensitive customer data. Because increasingly, the development environment is handling sensitive data — and attackers have noticed.