Trust Boundary Violation in Visual Studio Code - Python Extension by Microsoft
CVE-2025-49714

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Python Extension For Visual Studio Code
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-49714?

A trust boundary violation in the Visual Studio Code Python extension permits unauthorized attackers to execute code locally. This vulnerability arises from inadequate isolation of tasks within the development environment that can allow exploitation if the attacker successfully sends crafted inputs. It’s crucial for users to apply updates and patches to mitigate risks associated with this flaw.

Affected Version(s)

Python extension for Visual Studio Code Unknown 2020 < 2025.8.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 9, 2025