Trust Boundary Violation in Visual Studio Code - Python Extension by Microsoft
CVE-2025-49714

7.8HIGH

What is CVE-2025-49714?

A trust boundary violation in the Visual Studio Code Python extension permits unauthorized attackers to execute code locally. This vulnerability arises from inadequate isolation of tasks within the development environment that can allow exploitation if the attacker successfully sends crafted inputs. It’s crucial for users to apply updates and patches to mitigate risks associated with this flaw.

Affected Version(s)

Python extension for Visual Studio Code Unknown 2020 < 2025.8.1

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49714 : Trust Boundary Violation in Visual Studio Code - Python Extension by Microsoft