CVE-2025-21264
published 2025-05-13CVE-2025-21264: Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
high7.1CVSS 3.1
AVLACLPRNUIRSCCHILAN
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_code_copilot_chat_extension | >= 0.27.0 < 0.27.2 | 0.27.2 |
| microsoft | visual_studio_code | < 1.100.1 | 1.100.1 |
| microsoft | visual_studio_code | >= 1.0.0 < 1.100.1 | 1.100.1 |
| msrc | microsoft_visual_studio_code_copilot_chat_extension | — | — |
| msrc | visual_studio_code | — | — |