125 Million VS Code Users at Risk: Security Flaws in Popular Extensions Exposed

February 18, 2026
  • A set of four popular VS Code extensions—Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview—with over 125 million combined installations, harbor security flaws that could enable remote code execution and local file exfiltration.

  • Microsoft Live Preview has a vulnerability that lets attackers enumerate and exfiltrate sensitive local files via malicious websites and crafted JavaScript, and Microsoft quietly fixed it in version 0.4.16 released in September 2025.

  • OX Security identified three CVEs affecting these extensions (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) threatening more than 120 million downloads, with risks including lateral movement and corporation-wide compromise.

  • The broader context emphasizes risk to corporate environments and the need for timely disclosure and patching to mitigate potential breaches.

  • A core concern is that the local developer machine remains a vulnerable entry point, underscoring the importance of securing development environments.

  • Experts call for stronger measures such as mandatory security reviews before publishing extensions, AI-powered vulnerability scanning, enforceable maintainer response rules, and shifting away from an 'install at your own risk' model.

  • The three vulnerabilities were reported to the maintainers between July and August 2025, in some cases months before publication, and the maintainers did not respond, leaving the issues unpatched in the wild; this highlights the accountability and fix-speed problems in extension security.

  • Developers are urged to avoid running unnecessary localhost servers (any page the browser loads can send requests to them), not to open untrusted HTML in a local preview server, not to paste or run unverified snippets or configurations in settings.json, to monitor and back up settings.json, to uninstall or disable unused extensions, and to install only extensions from trusted publishers while watching for changes in ownership or behavior.

  • Guidance for the development environment itself includes hardening the local network with firewalls, turning off localhost services when they are not in use, and promptly applying updates to the IDE, extensions, operating system, and dependencies.

  • The risk landscape extends beyond these four extensions: AI-powered VS Code forks such as Cursor and Windsurf run the same extensions, so the concern is ecosystem-wide rather than limited to the Microsoft-distributed editor.
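One concrete way to act on the guidance above is to audit the extensions installed on a developer machine against the report. The script below is an added example, not code from the article or from any of the extension projects: it parses the output of VS Code's real `code --list-extensions --show-versions` command, flags the four named extensions if they are present, and compares Live Preview against the 0.4.16 fix version the article gives. The Marketplace identifiers in WATCHED are assumptions (the article names the extensions but not their IDs), the sample listing is constructed, and no fix version is asserted for the three extensions the article says were left unpatched.

```python
import re
import shutil
import subprocess

# Extension IDs are assumptions: the article names the extensions but not
# their Marketplace identifiers. Only Live Preview has a stated fix (0.4.16);
# the other three carry None because the article reports no fix for them.
WATCHED = {
    "ms-vscode.live-server": ("Microsoft Live Preview", "0.4.16"),
    "ritwickdey.liveserver": ("Live Server", None),
    "formulahendry.code-runner": ("Code Runner", None),
    "shd101wyy.markdown-preview-enhanced": ("Markdown Preview Enhanced", None),
}


def parse_version(v):
    """Turn '0.4.16' (optionally with a '-suffix') into a comparable tuple."""
    core = v.split("-", 1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def parse_listing(text):
    """Parse '<publisher>.<name>@<version>' lines as printed by
    `code --list-extensions --show-versions`; IDs are lowercased because
    Marketplace identifiers are case-insensitive."""
    installed = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([A-Za-z0-9][\w-]*\.[\w-]+)@(\S+)", line.strip())
        if m:
            installed[m.group(1).lower()] = m.group(2)
    return installed


def audit(installed):
    """Return (extension_id, version, verdict) for each watched extension present."""
    findings = []
    for ext_id, (name, fixed) in WATCHED.items():
        if ext_id not in installed:
            continue
        ver = installed[ext_id]
        if fixed is None:
            verdict = f"{name}: no fixed version known from the report; review whether it is still needed"
        elif parse_version(ver) < parse_version(fixed):
            verdict = f"{name}: {ver} is older than the fixed release {fixed}; update"
        else:
            verdict = f"{name}: {ver} is at or above the fixed release {fixed}"
        findings.append((ext_id, ver, verdict))
    return findings


def audit_local():
    """Run the real `code` CLI if it is on PATH and audit its output;
    returns None when VS Code's CLI is not installed."""
    code = shutil.which("code")
    if code is None:
        return None
    out = subprocess.run(
        [code, "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit(parse_listing(out))


# Constructed sample listing; not real output from any machine.
SAMPLE_LISTING = """\
ms-python.python@2025.2.0
ms-vscode.live-server@0.4.15
ritwickdey.LiveServer@5.7.9
shd101wyy.markdown-preview-enhanced@0.8.18
"""

if __name__ == "__main__":
    for ext_id, ver, verdict in audit(parse_listing(SAMPLE_LISTING)):
        print(f"{ext_id}@{ver}: {verdict}")
```

Run it as-is to see the verdicts for the constructed listing, or call `audit_local()` on a workstation with the `code` CLI on PATH. The check is deliberately conservative: an extension without a known fix is reported for review rather than marked safe, since the article states those issues remained unpatched.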

Summary based on 3 sources

