New investigations in integrated development environments (IDES) such as Microsoft Visual Studio Code, Visual Studio, Intellij Idea, Cursor reveal weaknesses in how the enhanced validation process handles, ultimately allowing attackers to run malicious code on their developer machines.
“The flawed validation checks in Visual Studio code allow publishers to add functionality to their extensions while maintaining their validated icons,” said OX security researchers Nir Zadok and Moshe Siman Tov Bustan in a report shared with Hacker News. “This can create false confidence that malicious extensions may appear to be validated and approved.”
Specifically, the analysis revealed that Visual Studio Code sends an HTTP POST request to the domain “MarketPlace.VisualStudio(.)com”.
The exploitation method essentially involves creating a malicious extension with the same verifiable value as a validated extension like Microsoft, and bypassing the trust check.
As a result, it can also include code that can run operating system commands, while still appearing to have Rogue Extensions validated to unsuspecting developers.
From a security standpoint, this is a classic case of extensions extending abuse, and the misleading actors distributing plugins outside the official market. Without enforcement or verification of trustworthy publishers signed with the right code, even legal extensions can hide dangerous scripts.
For attackers, this opens a low barrier entry point for achieving remote code execution. This is a particularly serious risk in development environments where sensitive credentials and source code are often accessible.
In the proof of concept (POC), proven by cybersecurity companies, the extension is configured to open computer apps on Windows machines, highlighting the ability to run commands on the underlying host.
I found it possible to create a VSIX package file that will make malicious extensions appear legal by identifying the values used in the verification request and modifying them.
Ox Security said that by changing the values used for validation without checking, it can reproduce defects in other IDEs, such as Intellij ideas and cursors.
In response to responsible disclosure, Microsoft said that the actions are by design and that changes will prevent VSIX extensions from being exposed to the market with enhanced signature verification enabled by default on all platforms.
However, cybersecurity companies discovered that this flaw was recently exploitable on June 29, 2025. Hacker News contacted Microsoft for comment.
The findings once again show that relying solely on validated symbols of extensions can be at risk, as attackers can trick developers into running malicious code without knowledge. To mitigate this risk, we recommend installing the extension directly from the official market, rather than using vSix extensions that are shared online.
“The ability to insert malicious code into an extension, package it as a vSIX/zip file, and install it while maintaining the symbols seen on multiple major development platforms poses a serious risk,” the researchers said. “This vulnerability particularly affects developers who install extensions from online resources such as GitHub.”
