CVE-2025-55319

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-55319

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55319.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55319

Published

2025-09-12T02:15:46.697Z

Modified

2025-11-20T12:39:11.465624Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55319

Affected packages

Git / github.com/microsoft/vscode

Affected ranges

Type: GIT
Repo: https://github.com/microsoft/vscode
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f220831ea2d946c0dcb0f3eaa480eb435a2c1260

Affected versions

0.*

0.10.10-insiders

0.10.12-insiders

0.10.5

0.10.7-insiders

1.*

1.1.0-insider

1.16.0

1.38.0

1.999.0

Other

BAD

GOOD

bad2

bad3

v14

translation/20160817.*

translation/20160817.01

translation/20160826.*

translation/20160826.01

translation/20160902.*

translation/20160902.01

translation/20161014.*

translation/20161014.01

translation/20161028.*

translation/20161028.01

translation/20161111.*

translation/20161111.01

translation/20161118.*

translation/20161118.01

translation/20161125.*

translation/20161125.01

translation/20161209.*

translation/20161209.01

translation/20170123.*

translation/20170123.01

translation/20170127.*

translation/20170127.01

translation/20170217.*

translation/20170217.01

translation/20170227.*

translation/20170227.01

translation/20170311.*

translation/20170311.01

translation/20170317.*

translation/20170317.01

translation/20170324.*

translation/20170324.01

translation/20170331.*

translation/20170331.01

translation/20172701.*

translation/20172701.01