Primary

Context

Visual Studio Code Security Feature Bypass Vulnerability

Vulnerability

Patched

A security feature bypass vulnerability has been identified in Visual Studio Code. This issue arises from files or directories that are accessible to external parties, allowing an unauthorized attacker to locally bypass a security feature. Specifically, the vulnerability enables the bypassing of the Trusted Domain Service.

Impact

Exploitation of this vulnerability could lead to a significant loss of confidentiality, allowing an attacker to view sensitive information such as tokens. Additionally, it could result in some integrity loss by enabling changes to the disclosed information.

Remediation

Users can update to Visual Studio Code version 1.100.1, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Visual Studio Code Security Feature Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Visual Studio Code

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating