Primary

Context

Microsoft Visual Studio Code CoPilot Chat Extension Path Traversal Vulnerability Allowing Security Feature Bypass

Vulnerability

A path traversal vulnerability has been identified in the Visual Studio Code CoPilot Chat Extension. This issue allows an authorized attacker to locally bypass a security feature that protects sensitive files. The vulnerability arises from improper restrictions on file paths, enabling unauthorized access to restricted directories.

Impact

Exploitation of this vulnerability could lead to a bypass of sensitive file protections in Visual Studio Code, allowing access to confidential information and the ability to modify code in repositories. Additionally, there might be some interference with the availability of the code.

Remediation

Users can download the security update for the Microsoft Visual Studio Code CoPilot Chat Extension from the Visual Studio Code website.

Added: Nov 11, 2025, 6:46 PM

Updated: Nov 11, 2025, 6:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

3.3

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

3.3

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Visual Studio Code CoPilot Chat Extension Path Traversal Vulnerability Allowing Security Feature Bypass

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating