CVE-2025-62449

Source
https://cve.org/CVERecord?id=CVE-2025-62449
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62449.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62449
Published
2025-11-11T18:15:50.043Z
Modified
2026-03-13T03:38:21.404784Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Summary
[none]
Details

Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

References

Affected packages

Git / github.com/microsoft/vscode-copilot-chat

Affected ranges

Type
GIT
Repo
https://github.com/microsoft/vscode-copilot-chat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.32.0"
        }
    ]
}

Affected versions

v0.*
v0.29.2025062703
v0.29.2025062705
v0.29.2025063001
v0.29.2025070102
v0.29.2025070202
v0.29.2025070301
v0.29.2025070302
v0.29.2025070401
v0.29.2025070403
v0.30.2025071002
v0.30.2025071101
v0.30.2025071401
v0.30.2025071501
v0.30.2025071502
v0.30.2025071601
v0.30.2025071701
v0.30.2025071801
v0.30.2025072102
v0.30.2025072103
v0.30.2025072201
v0.30.2025072301
v0.30.2025072401
v0.30.2025072501
v0.30.2025072801
v0.30.2025072901
v0.30.2025073001
v0.30.2025073101
v0.30.2025073102
v0.31.2025080704
v0.31.2025080801
v0.31.2025081101
v0.31.2025081203
v0.31.2025081204
v0.31.2025081301
v0.31.2025081401
v0.31.2025081501
v0.31.2025081801
v0.31.2025082004
v0.31.2025082101
v0.31.2025082102
v0.31.2025082201
v0.31.2025082202
v0.31.2025082212
v0.31.2025082213
v0.31.2025082501
v0.31.2025082502
v0.31.2025082601
v0.31.2025082602
v0.31.2025082701
v0.31.2025082702
v0.31.2025082801
v0.31.2025082802
v0.31.2025082903
v0.31.2025082904
v0.31.2025090101
v0.31.2025090102
v0.31.2025090201
v0.31.2025090301
v0.31.2025090302
v0.31.2025090401
v0.32.2025091102
v0.32.2025091201
v0.32.2025091202
v0.32.2025091501
v0.32.2025091601
v0.32.2025091602
v0.32.2025091701
v0.32.2025091801
v0.32.2025091901
v0.32.2025091902
v0.32.2025092201
v0.32.2025092301
v0.32.2025092302
v0.32.2025092509
v0.32.2025092601
v0.32.2025092602
v0.32.2025092901
v0.32.2025093001
v0.32.2025100101
v0.32.2025100203
v0.32.2025100302
v0.32.2025100703

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62449.json"