
CVE-2025-64660: Visual Studio Code RCE Vulnerability

CVE-2025-64660 is a remote code execution vulnerability in Microsoft Visual Studio Code caused by improper access control in GitHub Copilot. This article covers the technical details, affected versions, and mitigation.

Published: May 26, 2026

CVE-2025-64660 Overview

CVE-2025-64660 is an improper access control vulnerability [CWE-284] affecting GitHub Copilot and Microsoft Visual Studio Code. An authorized attacker can exploit the flaw to execute code over a network against a vulnerable instance. Microsoft assigned this issue a high severity rating, reflecting the impact on confidentiality, integrity, and availability when exploitation succeeds.

The vulnerability requires the attacker to hold low privileges and convince a user to take an action, but it can be triggered remotely. Successful exploitation gives attackers code execution within the developer environment, which often holds source code, tokens, and cloud credentials.

Critical Impact

Authorized attackers can execute arbitrary code over the network through GitHub Copilot integration in Visual Studio Code, compromising developer workstations and connected source repositories.

Affected Products

  • Microsoft Visual Studio Code
  • GitHub Copilot extension for Visual Studio Code
  • Developer environments integrating Copilot with Visual Studio Code workflows

Discovery Timeline

  • 2025-11-20 - CVE-2025-64660 published to NVD
  • 2025-11-26 - Last updated in NVD database

Technical Details for CVE-2025-64660

Vulnerability Analysis

The vulnerability stems from improper access control [CWE-284] within the integration between GitHub Copilot and Visual Studio Code. Access decisions enforced by the extension or its supporting services fail to adequately restrict who can trigger sensitive code execution paths. An authorized attacker with low-level privileges can bypass these controls to run code on the target system.

Exploitation requires user interaction, which typically takes the form of opening a crafted workspace, accepting a suggestion, or interacting with attacker-influenced content surfaced through Copilot. Once user interaction completes, the attacker gains code execution in the context of the Visual Studio Code process. This context frequently includes access to local source repositories, environment variables, SSH keys, and signed-in cloud sessions.

Root Cause

The root cause is missing or insufficient authorization enforcement on a code path reachable through the Copilot and Visual Studio Code integration. The control gap allows attacker-supplied input or actions to reach functionality that should be restricted to trusted callers, enabling code execution.

Attack Vector

The attack vector is network-based with low attack complexity. The adversary requires low-level privileges on a related service or account and must induce the target user to perform an action within Visual Studio Code. After interaction occurs, the flawed access control allows the attacker to execute code with the privileges of the Visual Studio Code process. Microsoft has not published a public proof of concept, and no exploitation in the wild has been confirmed.

The vulnerability is described in prose because no verified exploit code is currently published. Refer to the Microsoft CVE-2025-64660 Advisory for vendor technical details.

Detection Methods for CVE-2025-64660

Indicators of Compromise

  • Unexpected child processes spawned by Code.exe or the Visual Studio Code helper processes, particularly shells, scripting interpreters, or curl/wget invocations.
  • Outbound network connections from Visual Studio Code or Copilot extension processes to untrusted hosts shortly after a workspace was opened or a Copilot suggestion was accepted.
  • Modification or creation of files in user profile directories, SSH key folders, or workspace .vscode configuration files by Visual Studio Code processes outside normal development activity.

Detection Strategies

  • Build endpoint detection rules that flag process trees where Code.exe or the Copilot extension host launches command interpreters such as cmd.exe, powershell.exe, bash, or python.
  • Correlate Copilot extension activity with file system writes to sensitive locations like ~/.ssh, ~/.aws, ~/.config, and credential stores.
  • Inspect network telemetry for new domains contacted by developer endpoints immediately after Copilot interaction events.
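
The process-tree rule from the first strategy above, sketched as an added Python example (not SentinelOne or Microsoft code). The event field names, the Visual Studio Code image names, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed image names; the interpreter list mirrors the page's detection guidance.
VSCODE = {"code.exe", "code"}
CATEGORIES = {
    "shell": {"cmd.exe", "powershell.exe", "bash"},
    "interpreter": {"python", "python.exe"},
    "downloader": {"curl", "curl.exe", "wget", "wget.exe"},
}

def base(image):
    # ntpath splits on both "\\" and "/", so Windows and POSIX paths both work.
    return ntpath.basename(image).lower()

def is_vscode(image):
    return base(image) in VSCODE or base(image).startswith("code helper")

def categorize(image):
    return next((c for c, names in CATEGORIES.items() if base(image) in names), None)

def find_suspicious(events, max_depth=8):
    """Flag shells, interpreters and downloaders that have a VS Code ancestor."""
    by_pid = {e["pid"]: e for e in events}  # ignores PID reuse; fine for a short window
    findings = []
    for e in events:
        cat = categorize(e["image"])
        if cat is None:
            continue
        chain, cur, seen = [base(e["image"])], e, {e["pid"]}
        for _ in range(max_depth):  # depth cap and seen-set guard against loops
            cur = by_pid.get(cur["ppid"])
            if cur is None or cur["pid"] in seen:
                break
            seen.add(cur["pid"])
            chain.append(base(cur["image"]))
            if is_vscode(cur["image"]):
                findings.append({"pid": e["pid"], "category": cat,
                                 "chain": " <- ".join(chain), "cmdline": e["cmdline"]})
                break
    return findings

# Constructed sample process-creation events (hypothetical field names and values).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft VS Code\Code.exe", "cmdline": "Code.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Program Files\Microsoft VS Code\Code.exe", "cmdline": "Code.exe --type=utility"},
    {"pid": 300, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c build.cmd"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\curl.exe", "cmdline": "curl.exe -s https://example.invalid/x"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe"},
]
```

Shells opened from the integrated terminal and from task runners have the same lineage, so baseline that activity per team before turning this into an alert.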

Monitoring Recommendations

  • Centralize Visual Studio Code and extension host logs into your SIEM and alert on unusual extension load events or auto-update activity for the Copilot extension.
  • Monitor for installation of unsigned or sideloaded VSIX packages on developer workstations.
  • Track Git operations and outbound pushes to repositories not previously seen for that developer to identify potential exfiltration.

How to Mitigate CVE-2025-64660

Immediate Actions Required

  • Update Visual Studio Code and the GitHub Copilot extension to the latest versions referenced in the Microsoft advisory.
  • Inventory all developer workstations running Visual Studio Code with Copilot enabled and prioritize patching for systems with access to production credentials or source repositories.
  • Rotate developer-held secrets, including source control tokens and cloud access keys, if signs of exploitation are present.

Patch Information

Microsoft has published guidance for CVE-2025-64660 through the Microsoft CVE-2025-64660 Advisory. Apply the fixed versions of Visual Studio Code and the GitHub Copilot extension as listed in the advisory. Enterprises that manage Visual Studio Code through deployment tooling should push the update to all managed endpoints and verify the extension version after rollout.

Workarounds

  • Disable or remove the GitHub Copilot extension on systems that cannot be patched immediately, especially those handling sensitive source code.
  • Enforce a policy prohibiting the opening of untrusted workspaces and require Workspace Trust to remain enabled in Visual Studio Code settings.
  • Restrict outbound network access from developer endpoints to known-good destinations until patching completes.

```bash
# Verify installed Visual Studio Code and Copilot extension versions
code --version
code --list-extensions --show-versions | grep -i copilot

# Update the Copilot extension from the command line
code --install-extension GitHub.copilot --force
code --install-extension GitHub.copilot-chat --force
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: RCE
  • Vendor/Tech: Microsoft Visual Studio Code
  • Severity: HIGH
  • CVSS Score: 8.0
  • EPSS Probability: 0.08%
  • Known Exploited: No

CVSS Vector

  • CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Impact Assessment

  • Confidentiality: Low
  • Integrity: High
  • Availability: High

CWE References

  • CWE-284

Vendor Resources

  • Microsoft CVE-2025-64660 Advisory

Related CVEs

  • CVE-2020-17023: Visual Studio Code RCE Vulnerability
  • CVE-2025-55319: Visual Studio Code RCE Vulnerability
  • CVE-2020-17148: Visual Studio Code RCE Vulnerability
  • CVE-2022-30129: Visual Studio Code RCE Vulnerability