CVE-2025-53773

Published Aug 12, 2025

Last updated 10 months ago

CVSS high 7.8
GitHub Copilot
API

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53773 is a prompt-injection vulnerability in GitHub Copilot (including its Visual Studio integration) that leads to code execution on the developer's machine and, from there, full system compromise. The root cause is that Copilot's agent could modify project files without explicit user approval, including the workspace configuration file `.vscode/settings.json`. By planting instructions in content the agent reads (source code files, web pages, GitHub issues, pull-request descriptions), an attacker can steer Copilot into writing `"chat.tools.autoApprove": true` into that file. This switches the assistant into "YOLO mode": user confirmations for tool calls are disabled, so the agent can run shell commands, browse the web, and take other privileged actions without oversight. Because the injected instructions can themselves be written into files that other developers' agents later read, the technique has been described as wormable. The CVSS vector (AV:L, UI:R) reflects that the attacker's content arrives remotely but the code runs locally once a user lets Copilot process it, which is why Microsoft's description says "execute code locally". Practical check: audit `.vscode/settings.json` in repositories and checkouts for `chat.tools.autoApprove` set to anything other than false, and treat workspace settings files committed to a repository as untrusted input.
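The check above, as an added example that is not part of the advisory and not Microsoft's or the researcher's code: a scanner that walks a directory tree for `.vscode/settings.json` files, parses them as VS Code's JSON-with-comments (plain `json.loads` rejects comments and trailing commas, so a naive grep or parser misses real files), and reports any auto-approve key set to anything other than false. It assumes the key name the page gives (`chat.tools.autoApprove`) and, as a defensive assumption, also flags the nested-object spelling of the same setting. The sample settings files are constructed for the demo.

```python
"""Hunt for the "YOLO mode" setting that CVE-2025-53773's injection writes. Added example."""
import json
import os
import sys
import tempfile
from pathlib import Path

# Setting named on the advisory page. Extend if your VS Code build names the
# auto-approve switch differently (assumption: the page lists only this key).
YOLO_KEYS = ("chat.tools.autoApprove",)


def strip_jsonc(text: str) -> str:
    """Turn VS Code's JSON-with-comments into strict JSON: drop // and /* */ comments
    and trailing commas, without touching the inside of string values."""
    out: list[str] = []
    i, n, in_str = 0, len(text), False
    pending_comma = -1  # index in `out` of a comma that may turn out to be trailing
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:  # copy the escaped char verbatim (handles \")
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
            i += 1
            continue
        if text.startswith("//", i):  # line comment: skip to newline (newline is kept)
            j = text.find("\n", i)
            i = n if j < 0 else j
            continue
        if text.startswith("/*", i):  # block comment
            j = text.find("*/", i + 2)
            i = n if j < 0 else j + 2
            continue
        if c in "}]" and pending_comma >= 0:  # the comma was trailing: drop it
            del out[pending_comma]
        if not c.isspace():
            pending_comma = len(out) if c == "," else -1
        if c == '"':
            in_str = True
        out.append(c)
        i += 1
    return "".join(out)


def load_settings(settings_text: str) -> dict:
    """Parse one settings.json (JSONC) into a dict; raises ValueError on bad input."""
    return json.loads(strip_jsonc(settings_text))


def _flatten(obj, prefix=""):
    """Yield (dotted_key, value) for every node. The nested spelling
    {"chat": {"tools": {"autoApprove": true}}} flattens to the dotted key as well,
    so both forms are caught (assumption: VS Code accepts both; flagging both is safe)."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            key = f"{prefix}.{k}" if prefix else k
            yield key, v
            yield from _flatten(v, key)


def find_yolo_settings(settings_text: str) -> list:
    """Return [(key, value)] for auto-approve keys set to anything other than false/null."""
    return [(k, v) for k, v in _flatten(load_settings(settings_text))
            if k in YOLO_KEYS and v is not False and v is not None]


def scan_tree(root: str) -> list:
    """Walk `root` for .vscode/settings.json files; return [(path, key, value)].
    Unparseable files are reported as '<parse-error>' so a mangled file cannot hide."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        if os.path.basename(dirpath) == ".vscode" and "settings.json" in filenames:
            path = os.path.join(dirpath, "settings.json")
            try:
                text = Path(path).read_text(encoding="utf-8-sig")
                findings += [(path, k, v) for k, v in find_yolo_settings(text)]
            except (OSError, ValueError) as exc:  # JSONDecodeError is a ValueError
                findings.append((path, "<parse-error>", str(exc)))
    return findings


# Constructed samples: an injected file (comments, trailing commas and a "//" inside
# a string value, all legal in VS Code), a clean file, and the nested spelling.
INJECTED_SAMPLE = """{
    // "harmless" workspace settings
    "editor.formatOnSave": true,
    "chat.tools.autoApprove": true, /* YOLO mode: tool calls run unconfirmed */
    "terminal.integrated.env.linux": { "PATH": "/opt/x//bin", },
}"""
CLEAN_SAMPLE = '{ "editor.formatOnSave": true, "chat.tools.autoApprove": false }'
NESTED_SAMPLE = '{ "chat": { "tools": { "autoApprove": true } } }'


def demo_scan() -> list:
    """Build a throwaway workspace from the samples and scan it: [(workspace, key, value)]."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("infected", INJECTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
            vsdir = Path(tmp, name, ".vscode")
            vsdir.mkdir(parents=True)
            (vsdir / "settings.json").write_text(body, encoding="utf-8")
        return [(Path(p).parent.parent.name, k, v) for p, k, v in scan_tree(tmp)]


if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()
    for hit in hits:
        print("AUTO-APPROVE:", *hit)
```

Run it with a checkout root as the only argument (`python scan_yolo.py ~/src`) to sweep every workspace; with no argument it scans the constructed samples. Anything it prints, including a parse error, deserves a look: a developer does not normally commit a settings file that fails to parse.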

Description
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
visual_studio_2022

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-77

Social media

Hype score
Not currently trending
  1. A vulnerability in GitHub Copilot, CVE-2025-53773 (CVSS 9.6), that can be used to build a self-replicating AI virus has come to light. Spreading infection from a malicious PR description and building a ZombAI network have been demonstrated. Even if you are patched, check your auto-approve setting right now https://t.co/j

    @neural_nw_ai

    7 Jun 2026

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. RCE via a prompt hidden in a GitHub Copilot PR comment (CVE-2025-53773, CVSS 9.6). We are in an era where a PR description turns into a shell command. Teams using AI code review should check their patch status right now https://t.co/T4Uh3IWxyf #GitHubCopilot #A

    @neural_nw_ai

    4 Jun 2026

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-53773 2 - CVE-2025-32711 3 - CVE-2022-0492 4 - CVE-2024-21182 5 - CVE-2026-0257 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Jun 2026

    101 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The biggest risk in AI coding: prompt injection 🤖 OWASP ranks it the No. 1 AI threat for 2026. RCE in Copilot via injection hidden in a PR description (CVE-2025-53773, CVSS 9.6), the zero-click EchoLeak exfiltration, Cursor's command execution flaw… the success rate is

    @ju571nK

    31 May 2026

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. github copilot reads PR descriptions. attackers know github copilot reads PR descriptions. CVE-2025-53773, CVSS 9.6: hide instructions in a PR description, copilot executes them, RCE on whoever reviews the PR. your AI code reviewer is also an AI code attacker now.

    @crypto_fools

    26 May 2026

    152 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Prompt injection RCE in GitHub Copilot via PR descriptions (CVE-2025-53773). Attackers hide instructions in code your team reviews daily. No firewall catches a trojanized code completion. CVSS 9.6. Trust is the vulnerability.

    @SEatTrend

    24 May 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-53773: hidden prompt injection in PR descriptions = remote code execution in GitHub Copilot. CVSS 9.6. Three coding agents hit by the same payload class this month. Self-hosted with strict allowlists kills the class. https://t.co/mE4uAPCm83

    @musiol_martin

    6 May 2026

    304 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. RCE vulnerability CVE-2025-53773 in GitHub Copilot (patched). Prompt injection in a malicious PR comment rewrites VSCode settings, executes malware, and can even propagate across an entire repository. The attack surface of AI coding tools really

    @neural_nw_ai

    6 May 2026

    323 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. [Urgent] A serious CVSS 7.8 vulnerability, CVE-2025-53773, in GitHub Copilot (VS extension). Prompt injection planted in a PR description allows arbitrary command execution. Even conversion into a "ZombAI" botnet has been confirmed. Apply the patch right now

    @neural_nw_ai

    19 Apr 2026

    178 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. A serious CVSS 9.6 vulnerability, CVE-2025-53773, has been disclosed in GitHub Copilot. Prompt injection planted in a PR description allows remote code execution. Development teams using Copilot should check immediately. The era in which AI tools themselves become attack targets has

    @neural_nw_ai

    8 Apr 2026

    179 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Sec-Context: comprehensive AI code anti-patterns for LLMs — breadth (~65K tokens) and depth (~100K tokens) references. Top risks: dependency squatting, XSS, hardcoded secrets. #XSS #LLM #CVE-2025-53773 https://t.co/uExud2AxXG

    @hasamba

    14 Mar 2026

    142 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. In 2026, prompt injection holds that same position for AI applications. A GitHub Copilot vulnerability (CVE-2025-53773) allowed an attacker to achieve full remote code execution by embedding malicious instructions in a README file. Read full article here. https://t.co/qaOZWMiK9J

    @KuSecureLayer

    10 Mar 2026

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. AI Exploitation Techniques AI exploitation techniques have evolved from theoretical research to weaponized attacks against production systems. GitHub Copilot suffered CVE-2025-53773 (CVSS 9.6), enabling remote code execution through prompt injection. Microsoft patched a https://

    @xhackio

    28 Feb 2026

    151 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  14. I bypassed CVE-2025-53773. The RCE previously reported in GitHub's Copilot. Microsoft released the fix recently (CVE-2025-64660) - update! Less than 10 days for IDEsaster. Are you ready? Follow so you don't miss it. #aisecurity #idesaster https://

    @Ari_MaccariTA

    27 Nov 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) https://t.co/F35hMD4pBj 2025-10-13 05:00:10 +0900

    @hackernewsj

    12 Oct 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) · Embrace The Red https://t.co/BmFKYuDYBO

    @ProjectMictlan

    12 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. From jailbreaks to prompt injection, attackers are exploiting LLMs in ways traditional security misses. This quick, 30 minute monthly webinar series from @pangeacyber Labs and @MrJoeyMelo covers real-world exploits like Scamlexity and GitHub Copilot RCE (CVE-2025-53773), demos of

    @pangeacyber

    3 Sept 2025

    155 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Remote Code Execution in GitHub Copilot (CVE-2025-53773) A prompt injection exploit can overwrite the Copilot config file, force it into "YOLO mode" and grant immediate RCE - completely bypassing user approvals.

    @luminousmen

    3 Sept 2025

    92 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. GitHub Copilot's RCE vulnerability CVE-2025-53773 is FIXED: what is the YOLO mode that arises in Visual Studio? https://t.co/9LavMnyeCW A vulnerability was discovered in which GitHub Copilot could modify config files without obtaining user approval

    @iototsecnews

    27 Aug 2025

    67 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Part III: CVE-2025-53773 - Visual Studio & Copilot – Wormable Command Execution via Prompt Injection https://www.persistent-security.net/post/part-iii-vscode-copilot-wormable-command-execution-via-prompt-injection

    @Dinosn

    18 Aug 2025

    3664 Impressions

    11 Retweets

    26 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  21. #MLSecOps Prompt Injection Attacks Part 1: Prompt Injection - Exploiting LLM Instruction Confusion - https://t.co/EFQr0YH7Lv Part 2: Wormable Prompt Injections - Self-Replicating Exploits in AI - https://t.co/M5ZxrGhoIM Part 3: CVE-2025-53773 - Visual Studio & Copilot - Worma

    @ksg93rd

    17 Aug 2025

    423 Impressions

    0 Retweets

    9 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  22. GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) · Embrace The Red https://t.co/9UMd0WL504

    @JoshuaOpolko

    16 Aug 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) https://t.co/ejBuxoYz2h

    @HackingTeam777

    15 Aug 2025

    688 Impressions

    1 Retweet

    15 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  24. "The remote code execution vulnerability lurking in GitHub Copilot": an RCE vulnerability via prompt injection, "CVE-2025-53773", has been discovered. By abusing YOLO mode, a developer's machine can be fully taken over. A security risk of AI development tools. Must

    @t3_corp

    15 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 A critical flaw in GitHub Copilot (CVE-2025-53773) let hackers use prompt injection to enable "YOLO mode" and execute commands without authorization, compromising Windows, macOS and Linux. 👉 https://t.co/Zuj1WHCOiL https://t.co/utOoYZa3Pa

    @TechStartXYZ

    13 Aug 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. A critical security vulnerability in GitHub Copilot has been published (CVE-2025-53773). Through sophisticated prompt injection techniques it could execute code remotely and fully compromise the system. This is

    @yousukezan

    13 Aug 2025

    10033 Impressions

    30 Retweets

    68 Likes

    47 Bookmarks

    0 Replies

    1 Quote

  27. A remote code execution vulnerability via prompt injection in GitHub Copilot. Fixed as Critical in Microsoft's August Patch Tuesday. CVE-2025-53773 uses indirect prompt injection to enable YOLO mode in the settings file (user

    @__kokumoto

    13 Aug 2025

    2842 Impressions

    4 Retweets

    13 Likes

    1 Bookmark

    0 Replies

    1 Quote

  28. [AI tool security] A serious vulnerability tracked as CVE-2025-53773 has been found in GitHub Copilot, and it has been determined that it allows remote code execution through prompt injection.

    @nakajimeeee

    13 Aug 2025

    805 Impressions

    0 Retweets

    11 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  29. Github Copilot Remote Code Execution CVE-2025-53773 via prompt injection https://t.co/GdPzOiZB2x

    @0xJin

    13 Aug 2025

    1568 Impressions

    1 Retweet

    21 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  30. 💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773) 👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE 🔥 Bypasses all user approvals 🛡️ Patch is out today. Update before someone else does it for

    @wunderwuzzi23

    12 Aug 2025

    69447 Impressions

    134 Retweets

    667 Likes

    379 Bookmarks

    9 Replies

    11 Quotes

  31. CVE-2025-53773 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute cod… https://t.co/I1zKyzufyq

    @CVEnew

    12 Aug 2025

    317 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations