CVE-2025-21264Files or Directories Accessible to External Parties in Microsoft Visual Studio Code Copilot Chat Extension

CWE-552Files or Directories Accessible to External Parties3 documents3 sources
Severity
7.1HIGHNVD
EPSS
1.2%
top 21.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Visual Studio Code Copilot Chat ExtensionMicrosoft Visual Studio Code
Timeline
PublishedMay 13

Description

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 1.8 | Impact: 4.7

Affected Packages3 packages

CVEListV5microsoft/visual_studio_code1.0.01.100.1

🔴Vulnerability Details

1
CVEList
Visual Studio Code Security Feature Bypass Vulnerability2025-05-13

📋Vendor Advisories

1
Microsoft
Visual Studio Code Security Feature Bypass Vulnerability2025-05-13
CVE-2025-21264 — Microsoft vulnerability | cvebase