Donate Telegram

CVE-2025-65717

CRITICAL CVSS 3.1: 9.1 EPSS 0.03%

Feb 16, 2026

Updated Feb 17, 2026

An

Parameter	Value
CVSS	9.1 (CRITICAL)
Type	CWE-200 (Information Exposure (Раскрытие информации)), CWE-601 (Open Redirect (Открытое перенаправление)), CWE-79 (Cross-Site Scripting (XSS) (Межсайтовый скриптинг))
Vendor	An
Public PoC	No

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

None

Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-200 Information Exposure (Раскрытие информации)

CWE-601 Open Redirect (Открытое перенаправление)

CWE-79 Cross-Site Scripting (XSS) (Межсайтовый скриптинг)

References 2

https://github.com/ritwickdey/vscode-live-server

https://www.ox.security/blog/cve-2025-65717-live-server-vscode-vulnerability/

Share Post Share Share Share

CVE Details

CVE ID

CVE-2025-65717

Published Date

Feb 16, 2026

Vendor

An

Severity

CRITICAL

CVSS v3.1 Score

9.1

Critical severity. Immediate action required.

Attack Analysis

Exploitability 3.9/10

How easy to exploit

Impact 5.2/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 8.5th percentile (higher than 8.5% of all CVEs)

Standard patching cycle

Impact

Full data disclosure

Complete data modification

Source

Editor's Choice