Spring CLI VSCode Extension Command Injection Vulnerability Allowing Command Execution

Vulnerability

A command injection vulnerability has been identified in the Spring CLI VSCode extension, specifically in versions 0.9.0 and older. This vulnerability allows for command execution on the user's machine. Although the extension reached end-of-life on May 14, 2025, this CVE has been issued to address the vulnerability out of an abundance of caution.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the user's machine.

Remediation

Users of the Spring CLI VSCode extension should remove it from their coding environments.

Added: Jan 14, 2026, 5:19 AM
Updated: Jan 14, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm (score per category, 0.0 to 10.0):

spread: 0.0
impact: 10.0
exploitability: 4.4
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.