- Description
- An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- live_server
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
VS Code の 4 件のエクステンションに深刻な脆弱性:累計インストール数は 1億2,500万回を超える https://t.co/DTJmRRdCsu 公表された問題の背景にあるのは、localhost 上のサービスやローカル・ファイルへ過度にアクセ
@iototsecnews
26 Feb 2026
128 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VS Codeの主要な拡張機能4件で危険性のある脆弱性-最大1.2億に影響(CVE-2025-65717,CVE-2025-65715,CVE-2025-65716) https://t.co/aonBEILRnS #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
24 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: Live Server Vulnerability If you use the Live Server extension in VS Code (over 72+M installs), pay attention. A critical flaw (CVE-2025-65717) has been discovered that could expose your local files. The Risk: An attacker could craft a malicious URL to
@XenZeeCodes
23 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical VS Code Live Server flaw CVE-2025-65717 (CVSS 9.1) lets attackers steal source code and credentials via malicious links. Protect your workspace now. #VSCode #LiveServer #CyberSecurity #CVE202565717 #InfoSec #DevSecOps #AppSec https://t.co/jznRauT5sc
@the_yellow_fall
20 Feb 2026
280 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical VS Code Extension Flaws Put 128M+ Installs at Risk of File Theft and Remote Code Execution High-to-critical vulnerabilities in popular VS Code extensions—Live Server (CVE-2025-65715), Code Runner (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and
@ThreatSynop
19 Feb 2026
105 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
VS Codeの人気拡張機能4つ(累計 1億2,850万インストール超 )に重大脆弱性が発見されました。 🙅 未修正 ・Live Server(72M)CVE-2025-65717(9.1) ・Markdown Preview Enhanced(8.5M) ・Code Runner(37M) 🙆♂️ 修正済み M
@shimabu_it
19 Feb 2026
51760 Impressions
47 Retweets
407 Likes
293 Bookmarks
3 Replies
5 Quotes
🚨 125M+ VS Code Installs at Risk: 4 Popular Extensions Enable File Exfiltration & Remote Code Execution OX Security disclosed high/critical flaws across Live Server (CVE-2025-65717), Code Runner (CVE-2025-65715), and Markdown Preview Enhanced (CVE-2025-65716), plus an issu
@ThreatSynop
18 Feb 2026
160 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VSCodeの人気拡張機能複数に脆弱性。Ox Security社報告。Code Runner (CVE-2025-65715)、Markdown Preview Enhanced (CVE-2025-65716)…Markdown Preview Enhanced (CVE-2025-65717)、Microsoft Live Preview(CVE未採番)。 https://t.co/pdjft1uOcU
@__kokumoto
18 Feb 2026
1368 Impressions
3 Retweets
7 Likes
4 Bookmarks
2 Replies
0 Quotes
I disclosed these vulnerabilities and got issued 3 out of 4 CVEs CVE-2025-65715: Code Runner (37M+) CVE-2025-65716: Markdown Preview Enhanced (8.5M+) CVE-2025-65717: Live Server (72M+) No CVE (but fixed): Live Preview by Microsoft (11M+) https://t.co/herjrTX2Vx
@MosheTov
17 Feb 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We Found 4 Vulnerabilities in IDE Extensions With Over 120M(!) Downloads 3 of them were issued a CVE & the only one without a CVE is the only one that was fixed.. WHAT? 😶 CVE-2025-65715: Code Runner CVE-2025-65716: Markdown CVE-2025-65717: Live Server https://t.co/herj
@MosheTov
17 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-65717 File Exfiltration Vulnerability in Visual Studio Code Liv... https://t.co/wEImtW2CJx Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
16 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ritwickdey:live_server:*:*:*:*:*:visual_studio_code:*:*",
"matchCriteriaId": "55888E99-6D1B-42D7-BEC4-AC57D15A4EA3",
"versionStartIncluding": "5.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]