Security Feature Bypass in Visual Studio Code by Microsoft
CVE-2025-21264

7.1HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
13 May 2025

What is CVE-2025-21264?

An identified security feature bypass vulnerability in Visual Studio Code allows unauthorized attackers to access files or directories that should remain secure. This flaw can be exploited locally, granting attackers the potential to circumvent established security measures, posing risks to the integrity of sensitive information.

Affected Version(s)

Visual Studio Code Unknown 1.0.0 < 1.100.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.