Path Traversal Vulnerability in Visual Studio Code CoPilot Chat Extension
CVE-2025-62449

6.8 MEDIUM

What is CVE-2025-62449?

The Visual Studio Code CoPilot Chat Extension contains a path traversal vulnerability that may allow an authorized attacker to circumvent security measures. By exploiting improper limitations on directory pathnames, a malicious user can potentially access restricted areas of the system. It is essential for users to stay informed about this security risk and apply necessary updates to mitigate potential threats.

Affected Version(s)

Microsoft Visual Studio Code CoPilot Chat Extension Unknown 0.27.0 < 0.32.5

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
