Elevation of Privileges Vulnerability in Visual Studio Code by Microsoft
CVE-2025-26631

7.3HIGH

Key Information:

Vendor
Microsoft
Status
Visual Studio Code
Vendor
CVE Published:
11 March 2025

Summary

An elevation of privileges vulnerability in Visual Studio Code allows an authorized attacker to exploit the uncontrolled search path element, potentially enabling them to execute arbitrary code with elevated privileges on the local system. Users should be aware of this vulnerability and apply necessary updates to mitigate risks.

Affected Version(s)

Visual Studio Code Unknown 1.0.0 < 1.98.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.