Security Feature Bypass in Visual Studio Code by Microsoft
CVE-2025-21264

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Visual Studio Code; Microsoft Visual Studio Copilot Chat Extension
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-21264?

An identified security feature bypass vulnerability in Visual Studio Code allows unauthorized attackers to access files or directories that should remain secure. This flaw can be exploited locally, granting attackers the potential to circumvent established security measures, posing risks to the integrity of sensitive information.

Affected Version(s)

Microsoft Visual Studio CoPilot Chat Extension Unknown 0.27.0 < 0.27.2

Visual Studio Code Unknown 1.0.0 < 1.100.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Dec 10, 2024