CVE-2025-55319

HIGH

Agentic AI & VSCode - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-55319. PoCs published by nephila016.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2025-55319, a remote code execution vulnerability in Visual Studio Code via a malicious VSIX extension. The exploit leverages an auto-activating extension with a hidden PowerShell reverse shell payload, triggered upon VS Code launch without user interaction.

Description

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

Exploits (1)

github WORKING POC
by nephila016 · javascriptpoc
https://github.com/nephila016/CVE-2025-55319-PoC

This repository provides a functional proof-of-concept for CVE-2025-55319, a remote code execution vulnerability in Visual Studio Code via a malicious VSIX extension. The exploit leverages an auto-activating extension with a hidden PowerShell reverse shell payload, triggered upon VS Code launch without user interaction.

Classification
Working Poc 98%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Visual Studio Code (versions affected by CVE-2025-55319, likely ^1.118.0 as per engines field)
No auth needed
Prerequisites: Target must install the malicious VSIX extension (e.g., via social engineering or forced installation) · Attacker must have a listener (e.g., netcat) running on a reachable IP/port · Target must be running Windows (PowerShell payload)
mistral-large-3 · analyzed Jul 12, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0085
EPSS Percentile 54.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
microsoft/visual_studio_code < 1.104.0
Published Sep 12, 2025
Tracked Since Feb 18, 2026