FreeBSD: VID-6f10b49d-07b1-4be4-8abf-edf880b16ad2 (CVE-2025-21264): vscode -- security feature bypass vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:C/I:P/A:N) | May 14, 2025 | May 15, 2025 | Dec 10, 2025 |
Description
VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request.
Solution
freebsd-upgrade-package-vscode