Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Microsoft |
|
No data.
References
History
Tue, 18 Nov 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:microsoft:visual_studio_code_copilot_chat_extension:*:*:*:*:*:*:*:* |
Fri, 14 Nov 2025 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Microsoft github Copilot Chat
|
|
| CPEs | cpe:2.3:a:microsoft:github_copilot_chat:*:*:*:*:*:visual_studio_code:*:* | |
| Vendors & Products |
Microsoft github Copilot Chat
|
Wed, 12 Nov 2025 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Microsoft
Microsoft visual Studio Microsoft visual Studio Code Copilot Chat Extension |
|
| Vendors & Products |
Microsoft
Microsoft visual Studio Microsoft visual Studio Code Copilot Chat Extension |
Tue, 11 Nov 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. | |
| Title | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | |
| Weaknesses | CWE-20 CWE-77 |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: microsoft
Published: 2025-11-11T17:59:49.273Z
Updated: 2025-11-26T00:20:48.265Z
Reserved: 2025-10-08T20:10:09.349Z
Link: CVE-2025-62222
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2025-11-11T18:15:49.887
Modified: 2025-11-14T15:47:58.830
Link: CVE-2025-62222
Redhat
No data.