Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-64671

CVE-2025-64671: Microsoft Github Copilot RCE Vulnerability

CVE-2025-64671 is a remote code execution vulnerability in Microsoft Github Copilot caused by command injection flaws. Attackers can execute arbitrary code locally. This article covers technical details, impact, and mitigation.

Published:

CVE-2025-64671 Overview

CVE-2025-64671 is a command injection vulnerability in Microsoft GitHub Copilot for JetBrains IDEs. The flaw stems from improper neutralization of special elements used in a command, classified under [CWE-77]. An authenticated local attacker can leverage this weakness to execute arbitrary code on the affected workstation. Microsoft published the advisory on December 9, 2025, and assigned the vulnerability a CVSS 3.1 base score of 7.8 with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Critical Impact

Successful exploitation grants attackers full confidentiality, integrity, and availability impact on the compromised host through the GitHub Copilot JetBrains plugin.

Affected Products

  • Microsoft GitHub Copilot extension for JetBrains IDEs
  • CPE: cpe:2.3:a:microsoft:github_copilot:*:*:*:*:*:jetbrains:*:*
  • All JetBrains IDE versions running the vulnerable Copilot plugin prior to the Microsoft-issued fix

Discovery Timeline

  • 2025-12-09 - CVE-2025-64671 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-64671

Vulnerability Analysis

The vulnerability resides in how the GitHub Copilot plugin for JetBrains constructs and executes shell commands. The plugin fails to properly neutralize special shell metacharacters in inputs that flow into command execution routines. When Copilot processes attacker-influenced content, embedded shell operators such as ;, |, &&, or backticks are interpreted by the underlying shell rather than treated as literal data.

Exploitation requires local access and low privileges but no user interaction. The attack scope remains unchanged, meaning execution occurs within the security context of the user running the JetBrains IDE. Because developer workstations frequently hold source code, cloud credentials, and signing keys, code execution on these hosts creates supply-chain risk beyond the individual endpoint.

Root Cause

The root cause is improper input neutralization ([CWE-77]) in a command construction pathway inside the Copilot JetBrains extension. Untrusted input is concatenated into a command string that is then passed to a shell interpreter without sanitization, escaping, or use of argument arrays.

Attack Vector

The attack vector is local. An attacker with the ability to influence content processed by the Copilot plugin — for example, through a malicious repository, crafted prompt content, or attacker-controlled workspace files — can inject shell syntax that Copilot passes to the operating system. The injected command runs with the privileges of the developer using the IDE. Microsoft has not published exploitation code, and no public proof-of-concept exists at this time.

Detection Methods for CVE-2025-64671

Indicators of Compromise

  • Unexpected child processes spawned by JetBrains IDE processes such as idea64.exe, pycharm64.exe, webstorm64.exe, or the JetBrains Copilot helper binary
  • Shell interpreters (cmd.exe, powershell.exe, /bin/sh, /bin/bash) launched with unusual arguments from a JetBrains process tree
  • Outbound network connections initiated from processes chained to a JetBrains IDE parent shortly after opening an untrusted project

Detection Strategies

  • Monitor process creation telemetry for command interpreters whose parent process is a JetBrains IDE or the Copilot plugin host
  • Alert on JetBrains processes writing to autorun locations, scheduled tasks, cron entries, or shell profile files
  • Correlate developer workstation events with repository clone activity to identify malicious project ingestion followed by command execution

Monitoring Recommendations

  • Enable command-line argument logging on Windows (Audit Process Creation with command-line capture) and equivalent auditd rules on Linux and macOS
  • Track plugin and extension versions across developer endpoints to confirm patched builds are deployed
  • Ingest EDR telemetry into a centralized data lake to hunt across the fleet for anomalous IDE-spawned processes

How to Mitigate CVE-2025-64671

Immediate Actions Required

  • Update the GitHub Copilot plugin for JetBrains to the fixed version identified in the Microsoft CVE-2025-64671 Advisory
  • Restrict opening untrusted repositories in IDEs with Copilot enabled until patching is complete
  • Enforce least-privilege on developer accounts to limit the blast radius of local code execution

Patch Information

Microsoft has released a security update for the GitHub Copilot JetBrains extension. Refer to the Microsoft CVE-2025-64671 Advisory for the specific fixed version and deployment guidance. Update the plugin through the JetBrains Marketplace or the IDE plugin manager.

Workarounds

  • Disable the GitHub Copilot plugin in JetBrains IDEs until the update is applied
  • Use JetBrains "Trusted Projects" settings to prevent automatic code and plugin actions on untrusted workspaces
  • Segment developer workstations from sensitive production credentials and enforce hardware-backed credential storage
bash
# Verify installed Copilot plugin version on a JetBrains IDE (Linux/macOS example)
ls ~/.config/JetBrains/*/plugins/github-copilot-intellij/
cat ~/.config/JetBrains/*/plugins/github-copilot-intellij/lib/*.jar 2>/dev/null | strings | grep -i "copilot.version"

# Temporarily disable the plugin via CLI (close IDE first)
mv ~/.config/JetBrains/<IDE_VERSION>/plugins/github-copilot-intellij \
   ~/.config/JetBrains/<IDE_VERSION>/plugins/github-copilot-intellij.disabled

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.