Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.
“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines,” Koi Security researcher Oren Yomtov said. “By exploiting a CI issue a malicious actor could publish malicious updates to every extension on Open VSX.”
Following responsible disclosure on May 4, 2025, the multiple rounds of fixes were proposed by the maintainers, before it was finally deployed on June 25.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Open VSX Registry is an open-source project and alternative to the Visual Studio Marketplace. It’s maintained by the Eclipse Foundation. Several code editors like Cursor, Windsurf, Google Cloud Shell Editor, Gitpod, and others integrate it into their services.
“This widespread adoption means that a compromise of Open VSX is a supply-chain nightmare scenario,” Yomtov said. “Every single time an extension is installed, or an extension update fetched silently in the background, these actions go through Open VSX.”
The vulnerability discovered by Koi Security is rooted in the publish-extensions repository, which includes scripts to publish open-source VS Code extensions to open-vsx.org.
Developers can request their extension to be auto-published by submitting a pull request to add it to the extensions.json file present in the repository, after which it’s approved and merged.
In the backend, this plays out in the form of a GitHub Actions workflow that’s daily run at 03:03 a.m. UTC that takes as input a list of comma-separated extensions from the JSON file and publishes them to the registry using the vsce npm package.
“This workflow runs with privileged credentials including a secret token (OVSX_PAT) of the @open-vsx service account that has the power to publish (or overwrite) any extension in the marketplace,” Yomtov said. “In theory, only trusted code should ever see that token.”
“The root of the vulnerability is that npm install runs the arbitrary build scripts of all the auto-published extensions, and their dependencies, while providing them with access to the OVSX_PAT environment variable.”
This means that it’s possible to obtain access to the @open-vsx account’s token, enabling privileged access to the Open VSX Registry, and providing an attacker with the ability to publish new extensions and tamper with existing ones to insert malicious code.
The risk posed by extensions has not gone unnoticed by MITRE, which has introduced a new “IDE Extensions” technique in its ATT&CK framework as of April 2025, stating it could be abused by malicious actors to establish persistent access to victim systems.
“Every marketplace item is a potential backdoor,” Yomtov said. “They’re unvetted software dependencies with privileged access, and they deserve the same diligence as any package from PyPI, npm, Hugginface, or GitHub. If left unchecked, they create a sprawling, invisible supply chain that attackers are increasingly exploiting.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access