CVE-2025-65715

7.8 HIGH

📋 TL;DR

CVE-2025-65715 is a remote code execution vulnerability in Visual Studio Code's Code Runner extension that allows attackers to execute arbitrary code when users open a malicious workspace. This affects developers using the vulnerable Code Runner extension version. The vulnerability exploits improper handling of the code-runner.executorMap setting.

💻 Affected Systems

Products:
  • Visual Studio Code Code Runner Extension
Versions: v0.12.2 and earlier
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Code Runner extension to be installed and enabled. Vulnerability triggers when opening a crafted workspace file.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, steal credentials, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Attackers execute malicious code in the context of the user opening the workspace, potentially stealing development credentials, source code, or deploying ransomware.

🟢 If Mitigated

Limited impact if the extension is disabled or patched, though a malicious workspace could still cause denial of service.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening a malicious workspace). A proof of concept is available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.12.3 or later

Vendor Advisory: https://github.com/formulahendry/vscode-code-runner/security/advisories

Restart Required: Yes

Instructions:

1. Open Visual Studio Code.
2. Go to the Extensions view (Ctrl+Shift+X).
3. Search for 'Code Runner'.
4. Click the Update button, or uninstall and reinstall the latest version.
5. Restart VS Code.

🔧 Temporary Workarounds

Disable Code Runner Extension

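Platform: all

Temporarily disable the vulnerable extension until patched. The command-line flag below applies only to the VS Code instance started by that command; to keep the extension off across launches, disable it from the Extensions view.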

code --disable-extension formulahendry.code-runner

Restrict Workspace Files

Platform: all

Only open workspace files from trusted sources.
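
Added example (not code from this advisory or from the Code Runner project): a pre-open check that lists every code-runner.executorMap override a folder ships in .vscode/settings.json or a *.code-workspace file, so the command strings can be reviewed before the folder is opened in VS Code. It goes slightly beyond the page by matching on the setting prefix, which also catches the extension's executorMapByGlob and executorMapByFileExtension settings; the sample settings text and its placeholder command are constructed.

```python
import json, re, sys
from pathlib import Path

# Prefix match also catches executorMapByGlob and executorMapByFileExtension.
SETTING_PREFIX = "code-runner.executorMap"

# Constructed sample of workspace settings (JSONC); the command is a harmless placeholder.
SAMPLE = """{
  // VS Code settings files may contain comments and trailing commas
  "code-runner.executorMap": { "python": "echo constructed-placeholder", },
}"""

def _drop(text, junk):
    """Delete matches of `junk`, leaving JSON string literals untouched."""
    rx = re.compile(r'"(?:\\.|[^"\\])*"|' + junk, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def parse_jsonc(text):
    text = _drop(text, r"//[^\n]*|/\*.*?\*/")         # strip comments
    return json.loads(_drop(text, r",(?=\s*[}\]])"))  # strip trailing commas

def find_overrides(node, where=""):
    """Return (json_path, value) for every executorMap* key at any depth."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key.startswith(SETTING_PREFIX):
                hits.append((f"{where}/{key}", value))
            else:
                hits += find_overrides(value, f"{where}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += find_overrides(item, f"{where}/{i}")
    return hits

def scan_workspace(root):
    """Scan .vscode/settings.json and *.code-workspace files under root."""
    root, findings = Path(root), []
    for f in sorted([*root.rglob(".vscode/settings.json"), *root.rglob("*.code-workspace")]):
        try:
            hits = find_overrides(parse_jsonc(f.read_text(encoding="utf-8")))
        except (ValueError, OSError) as exc:  # fail closed: unparsed means unreviewed
            hits = [("<unparsed>", str(exc))]
        findings += [(str(f), path, value) for path, value in hits]
    return findings

if __name__ == "__main__":
    for file, path, value in scan_workspace(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"REVIEW {file}: {path} = {value!r}")
```

Run it with the path of a cloned or downloaded folder as the only argument; any REVIEW line is a setting to read by hand before trusting the workspace.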

🧯 If You Can't Patch

  • Disable the Code Runner extension completely
  • Implement application allowlisting to prevent execution of unknown binaries

🔍 How to Verify

Check if Vulnerable:

Check the Code Runner extension version in the VS Code Extensions view. If the version is 0.12.2 or earlier, you are vulnerable.

Check Version:

code --list-extensions --show-versions | findstr code-runner

(findstr is the Windows filter; on Linux and macOS, pipe the same command to grep instead.)

Verify Fix Applied:

Verify that the Code Runner extension version is 0.12.3 or later in the Extensions view.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from VS Code
  • Suspicious command execution in terminal
  • Unexpected network connections from code processes

Network Indicators:

  • Outbound connections to unknown IPs from VS Code process
  • DNS queries for suspicious domains

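SIEM Query (generic syntax; adapt the field names and the VS Code process name, for example Code.exe on Windows, to your environment):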

process_name:vscode* AND (process_command_line:*workspace* OR process_command_line:*code-runner*)
