CVE-2025-65717 is a security vulnerability identified in version 5.7.9 of the Live Server extension for Visual Studio Code. This extension is widely used by developers to launch a local development server with live reload capability. The vulnerability allows an attacker to exfiltrate files from the victim's system by leveraging crafted HTML pages that require user interaction, such as clicking a link or opening a page served by the Live Server. The attack vector involves tricking the user into interacting with malicious content that exploits insufficient access controls or improper handling of local file requests within the extension. While the exact technical mechanism is not detailed, the core issue is that the extension can be manipulated to read and transmit local files to an attacker-controlled server. No CVSS score has been assigned yet, and no patches or known exploits are currently documented. The vulnerability primarily impacts confidentiality, as unauthorized file access can lead to leakage of sensitive information. The attack requires user interaction, which reduces the likelihood of automated widespread exploitation but does not eliminate risk, especially in targeted attacks. The scope is limited to users of Visual Studio Code with the vulnerable Live Server extension installed, which includes many developers and IT professionals. The lack of a patch means users remain exposed until an update is released or mitigations are applied.

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive data, including source code, credentials, and proprietary information stored on developer machines. Organizations in sectors such as software development, finance, and critical infrastructure that rely heavily on Visual Studio Code and its extensions could face intellectual property theft or leakage of confidential data. The requirement for user interaction means that phishing or social engineering campaigns could be used to exploit this vulnerability. The impact on integrity and availability is minimal, but the breach of confidentiality can lead to secondary impacts such as reputational damage, regulatory penalties under GDPR, and potential financial losses. The risk is amplified in environments where developers have access to sensitive internal resources or where endpoint security controls are weak. Since no known exploits are currently in the wild, proactive mitigation is critical to prevent future attacks.

European organizations should immediately audit their Visual Studio Code environments to identify installations of the Live Server extension version 5.7.9. Until a patch is available, it is advisable to disable or uninstall the vulnerable extension to eliminate the attack vector. Implement strict endpoint security policies that restrict the execution of untrusted code and monitor for suspicious network activity indicative of data exfiltration. Educate developers and users about the risks of interacting with unsolicited or suspicious HTML content, emphasizing caution with links and files from unknown sources. Employ network segmentation and egress filtering to limit unauthorized outbound connections from developer workstations. Additionally, consider deploying application whitelisting and enhanced logging to detect exploitation attempts. Once a patch is released, prioritize timely updates. Organizations should also review and enforce least privilege principles for file system access within development environments to minimize exposure.