Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-55319. PoCs published by nephila016.
AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2025-55319, a remote code execution vulnerability in Visual Studio Code via a malicious VSIX extension. The exploit leverages an auto-activating extension with a hidden PowerShell reverse shell payload, triggered upon VS Code launch without user interaction.
Description
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
Exploits (1)
This repository provides a functional proof-of-concept for CVE-2025-55319, a remote code execution vulnerability in Visual Studio Code via a malicious VSIX extension. The exploit leverages an auto-activating extension with a hidden PowerShell reverse shell payload, triggered upon VS Code launch without user interaction.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H