CVE-2025-62453

Published Nov 11, 2025

Last updated 4 months ago

CVSS medium 5.0

Overview

Description
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
visual_studio_code

Risk scores

CVSS 3.1

Type
Primary
Base score
5
Impact score
3.6
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-693

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.CVE-2026-21523
  2. Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.CVE-2026-21518
  3. Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.CVE-2025-64660
  4. Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.CVE-2025-55319
  5. Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.CVE-2025-21264

References

Sources include official advisories and independent security research.