- Description: AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
- Source: secure@microsoft.com
- NVD status: Modified
- Products: visual_studio_code
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
Your AI Coding Assistant Just Became Your Biggest Security Risk! If you write code in VS Code and lean on Copilot or other agentic AI, this is for you! What happened: Microsoft assigned CVE-2025-55319 to an AI command-injection issue tied to agentic AI in Visual Studio Code. h
@cwiakalski
16 Oct 2025
I've missed this from yesterday: 🟧 CVE-2025-55319, CVSS: 8.8 (High) Agentic AI and Visual Studio Code, Microsoft. AI command injection vulnerability. Unauthorized attackers can execute code over a network. #CyberSecurity #CVE #Vulnerability #Microsoft #AI #CommandInjectio
@UjlakiMarci
13 Sept 2025
[CVE-2025-55319: HIGH] AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. #cve, CVE-2025-55319, #cybersecurity https://t.co/vm4ab8udU1 https://t.co/lDwb0kuf3H
@CveFindCom
12 Sept 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:-:*:*",
            "matchCriteriaId": "7ACB70C4-B968-45A2-A907-6E6E94505537",
            "versionEndExcluding": "1.104.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]