CVE-2025-21264 HIGH

CVE-2025-21264: Visual Studio Code Security Feature Bypass Vulnerability

Vendor Microsoft

Product Microsoft Visual Studio Code CoPilot Chat Extension

Weakness CWE-552 · Files accessible externally

Published May 13, 2025

Last update February 13, 2026

CVSS base score

7.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Key dates

May 13, 2025 CVE published

February 13, 2026 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-21264

CWE CWE-552

CVSS 7.1 / HIGH

Vendor Microsoft

Product Microsoft Visual Studio Code CoPilot Chat Extension

Affected ≥ 0.27.0 and < 0.27.2

Vendor Microsoft

Product Visual Studio Code

Affected ≥ 1.0.0 and < 1.100.1