Code Execution Vulnerability in Markdown Preview Enhanced for Visual Studio Code
CVE-2025-65716

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Visual Studio Code Extensions Markdown Preview Enhanced
Vendor
CVE Published:
16 February 2026

Badges

đź“° News Worthy

What is CVE-2025-65716?

A security flaw in the Markdown Preview Enhanced extension version 0.8.18 for Visual Studio Code allows attackers to execute arbitrary code by exploiting vulnerabilities present in specially crafted .Md files. This could lead to unauthorized access and manipulation of the user's system. Users are advised to update to the latest version of the extension to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

favicon imageBleepingComputer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.

1 week ago

References

https://github.com/shd101wyy/markdown-preview-enhanced
https://www.ox.security/blog/cve-2025-65716-markdown-prev...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

JSON
.