CVE-2025-65717: n/a
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.
AI Analysis
Technical Summary
CVE-2025-65717 is a vulnerability identified in the Live Server extension version 5.7.9 for Visual Studio Code, a widely used code editor. The flaw allows attackers to exfiltrate files by leveraging user interaction with a maliciously crafted HTML page served through the extension. The vulnerability stems from a combination of weaknesses: improper URL redirection (CWE-601), information exposure (CWE-200), and cross-site scripting (CWE-79). Specifically, the Live Server extension fails to properly validate or sanitize URLs and HTML content, enabling an attacker to craft a page that, when opened by a user, can access and transmit local files to an external server. The attack vector requires no privileges and no prior authentication but does require the user to interact with the malicious page, such as clicking a link or opening the page in the Live Server environment. The CVSS 3.1 base score is 4.3, indicating a medium severity primarily due to the confidentiality impact and the need for user interaction. There are no known exploits in the wild, and no official patches have been published at the time of this report. The vulnerability affects developers and organizations that use Visual Studio Code with the Live Server extension, particularly those who open untrusted or external HTML content. The issue highlights risks in development environments where extensions can expose local resources if not properly sandboxed or validated.
Potential Impact
The primary impact of CVE-2025-65717 is the unauthorized disclosure of local files from a developer's environment. This can lead to leakage of sensitive source code, configuration files, credentials, or other proprietary information. While the vulnerability does not affect system integrity or availability, the confidentiality breach can facilitate further attacks such as intellectual property theft, credential compromise, or targeted exploitation based on exposed data. Organizations worldwide that rely on Visual Studio Code and the Live Server extension for web development are at risk, especially if developers open untrusted HTML content or access external resources through the extension. The attack requires user interaction, limiting automated exploitation but still posing a significant risk in social engineering scenarios. The lack of patches increases exposure time, and the widespread use of Visual Studio Code amplifies potential impact. Development teams working on sensitive projects or in regulated industries face higher risks due to potential data leakage.
Mitigation Recommendations
1. Immediately restrict or disable the Live Server extension version 5.7.9 in Visual Studio Code until a patch is released.
2. Avoid opening untrusted or externally sourced HTML content using the Live Server extension to prevent triggering the vulnerability.
3. Educate developers about the risks of interacting with unknown or suspicious HTML pages served via Live Server.
4. Monitor official Visual Studio Code and Live Server extension channels for security updates and apply patches promptly once available.
5. Implement network-level controls to restrict outbound connections from developer machines to untrusted domains, limiting data exfiltration opportunities.
6. Use endpoint detection and response (EDR) tools to detect unusual file access or network activity related to Live Server usage.
7. Consider sandboxing or isolating development environments to contain potential data leaks.
8. Review and audit extension permissions and configurations regularly to minimize exposure.
9. Encourage use of alternative methods for local web serving that have stronger security controls if immediate patching is not feasible.
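Recommendations 1 and 8 depend on knowing which workstations carry the affected release. The shell function below is an added example, not part of the original advisory or the extension's code: it audits the output of `code --list-extensions --show-versions`, assuming the extension's marketplace ID is `ritwickdey.LiveServer` and treating only 5.7.9 as affected because that is the only version the advisory names. The sample listing and host labels are constructed.

```shell
#!/bin/sh
# Added example: flag installs of the Live Server release named in this advisory.
# Assumptions: marketplace ID ritwickdey.LiveServer; only 5.7.9 is treated as
# affected because it is the only version the advisory names.
AFFECTED_ID="ritwickdey.liveserver"   # compared case-insensitively
AFFECTED_VERSION="5.7.9"

# Reads `code --list-extensions --show-versions` output ("publisher.name@version",
# one per line) on stdin. Prints "<host> <id> <version> <status>" for every
# Live Server entry and returns 1 if an affected version was seen, else 0.
audit_extensions() {
    awk -v id="$AFFECTED_ID" -v ver="$AFFECTED_VERSION" -v host="$1" '
        {
            sub(/\r$/, "")                 # tolerate CRLF listings from Windows hosts
            at = index($0, "@")
            if (at == 0) next              # not an id@version line
            ext = tolower(substr($0, 1, at - 1))
            v = substr($0, at + 1)
            if (ext != id) next
            affected = ((v "") == (ver ""))  # force string comparison
            print host, ext, v, (affected ? "AFFECTED" : "other-version")
            if (affected) hit = 1
        }
        END { exit (hit ? 1 : 0) }
    '
}

# Constructed sample listing (not captured from a real machine).
SAMPLE_LISTING='dbaeumer.vscode-eslint@3.0.10
ritwickdey.LiveServer@5.7.9
esbenp.prettier-vscode@11.0.0'

printf '%s\n' "$SAMPLE_LISTING" | audit_extensions sample-host \
    || echo "action: disable or uninstall the flagged extension"

# On a real workstation:
#   code --list-extensions --show-versions | audit_extensions "$(hostname)"
```

The non-zero return on a match lets the function gate a fleet inventory job or a pre-login compliance check.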
Affected Countries
United States, India, Germany, China, United Kingdom, Canada, Australia, France, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6994257180d747be207b7406
Added to database: 2/17/2026, 8:23:13 AM
Last enriched: 2/25/2026, 12:11:02 AM
Last updated: 4/3/2026, 4:49:36 PM