CVE-2025-65717

MEDIUM

Visual Studio Code Extensions Live Server <5.7.9 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65717. PoCs published by natsuki-engr.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2025-65717, demonstrating how the Live Server VSCode extension's lack of origin restrictions allows malicious web pages to scan for and crawl local Live Server instances, exposing filesystem contents.

Description

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

Exploits (1)

nomisec WORKING POC
by natsuki-engr · poc
https://github.com/natsuki-engr/live-server-evil-crawler

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Live Server VSCode extension
No auth needed
Prerequisites: Victim must have Live Server VSCode extension running on localhost · Attacker must lure victim to a malicious webpage
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 4.3
EPSS: 0.0051
EPSS Percentile: 39.2%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-200, CWE-601, CWE-79
Status: published
Products (1): ritwickdey/live_server 5.7.9
Published: Feb 16, 2026
Tracked Since: Feb 18, 2026