Python extension for Visual Studio Code Remote Code Execution Vulnerability

There is a security vulnerability in the untrusted workspaces flow with specially crafted workspaces.

### Patches

The fix is available starting with 2025.8.1 fix is: https://github.com/microsoft/vscode-python/commit/5e64d0e3963b63511a41346b88f140d5d7b684b7

### Workarounds

Check for python executables checked-into SCM before opening untrusted workspaces.

### References
* The patch for this can be found at https://github.com/microsoft/vscode-python/commit/5e64d0e3963b63511a41346b88f140d5d7b684b7
* MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49714
* Security advisory: https://github.com/microsoft/vscode-python/security/advisories/GHSA-3jg7-gmqj-5gx7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Python extension for Visual Studio Code Remote Code Execution Vulnerability #25253

Patches

Workarounds

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Python extension for Visual Studio Code Remote Code Execution Vulnerability #25253

Description

Patches

Workarounds

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions