CVE-2025-21264

CWE-552Files Accessible to External Parties3 documents3 sources
Severity
7.1HIGH
EPSS
1.2%
top 21.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft Visual Studio Code Copilot Chat ExtensionMicrosoft Visual Studio Code
Timeline
PublishedMay 13

Description

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 1.8 | Impact: 4.7

Affected Packages3 packages

CVEListV5microsoft/visual_studio_code1.0.01.100.1

🔴Vulnerability Details

1
CVEList
Visual Studio Code Security Feature Bypass Vulnerability2025-05-13

📋Vendor Advisories

1
Microsoft
Visual Studio Code Security Feature Bypass Vulnerability2025-05-13