Critical VS Code Extension Vulnerabilities Expose 128 Million Developer Machines to Attack

Three critical vulnerabilities hit four popular VS Code extensions with 128 million downloads. CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717 allow remote code execution, file exfiltration, and network scanning. OX Security found these flaws threaten developer laptops holding API keys, source code, and database configs. Developer machines sit outside traditional defenses. IDE extensions run with full system access. […] The post Critical VS Code Extension Vulnerabilities Expose 128 Million Developer Machines to Attack appeared first on VPN Central.