New Vulnerability Discovered in Popular IDEs Including Visual Studio
A recent study by OX Security highlights vulnerabilities in popular development environments, including Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor, where extensions can be manipulated to run malicious code on developers' systems. Researchers Nir Zadok and Moshe Siman Tov Bustan found that Visual Studio Code's verification process is weak: publishers can add functionality to an extension without losing its "verified" status. This flaw can deceive developers into trusting harmful extensions.
The study demonstrated that attackers could create fake extensions that mimic verified ones by manipulating verification information, bypassing security checks and making the fake extensions appear legitimate. This poses a significant risk because it allows remote code execution in environments that handle sensitive data.
OX Security illustrated this vulnerability by crafting an extension that executed commands, such as opening the Calculator app on Windows. They found similar issues in IntelliJ IDEA and Cursor, where verification information could be altered without affecting the verified status.
Microsoft responded by stating that its system is designed to prevent such fake extensions from being published because of signature verification. However, OX Security noted that the vulnerability was still exploitable as of June 29, 2025. The study underscores that the "verified" badge on extensions cannot be relied upon, and advises developers to install extensions only from official stores to avoid potential threats. The ability to embed malicious code in extensions and distribute them while retaining the verified badge poses a severe risk, particularly for developers who source extensions from platforms like GitHub.