A severe security vulnerability has been uncovered in the Open VSX Registry (open-vsx[.]org), potentially exposing millions of developers and their machines to dangerous supply chain attacks. Security researchers warn that attackers could have taken full control of the Visual Studio Code (VS Code) extensions ecosystem by exploiting a weakness in the registry’s infrastructure.
This critical flaw was disclosed by Koi Security researcher Oren Yomtov, who emphasized the risk:
“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines.”
The Open VSX Registry is an open-source alternative to the official Visual Studio Marketplace. Maintained by the Eclipse Foundation, it is widely used by popular development platforms and editors such as:
Gitpod
Google Cloud Shell Editor
Cursor
Windsurf
Coder
These platforms rely on Open VSX to deliver and update Visual Studio Code extensions to users.
Because of its widespread use, a compromise in Open VSX could have caused a massive supply chain breach, affecting every developer or organization using it for managing their coding extensions.
The flaw was responsibly disclosed on May 4, 2025. The Eclipse Foundation worked with Koi Security through multiple rounds of fixes. The final and stable patch was released on June 25, 2025, closing the vulnerability and mitigating the risk.
At the core of this vulnerability was a CI/CD (Continuous Integration/Deployment) pipeline issue in the Open VSX infrastructure.
Developers who want their VS Code extensions published on open-vsx[.]org can submit a pull request to include their extension in the extensions.json file within the publish-extensions GitHub repository. After approval, the publishing process is automated.
Every day at 03:03 a.m. UTC, a GitHub Actions workflow automatically processes this list of extensions. It uses the vsce npm package to upload or update extensions in the Open VSX Registry.
The issue is that this publishing process runs with a high-privilege token called OVSX_PAT. This token is tied to the @open-vsx service account, which has the authority to:
Publish new extensions
Overwrite existing extensions
Yomtov explained,
“In theory, only trusted code should ever see that token.”
However, the flaw was that during the npm install phase, build scripts of the extensions – including their dependencies – are executed. This opens the door for arbitrary code execution with access to the OVSX_PAT environment variable.
In simpler terms, any extension’s malicious build script could steal the token and gain unauthorized access to the registry. Once obtained, an attacker could:
Upload malicious extensions
Replace existing extensions with tampered versions
Push malware to millions of developers silently
Every time a user installs a new extension or updates an existing one via Open VSX, the action automatically pulls code from the registry. If that code is compromised, attackers could deliver malware directly into development environments without user knowledge.
This kind of breach is classified as a software supply chain attack—a method that is becoming increasingly popular with cybercriminals and state-sponsored threat actors.
Highlighting the growing threat, MITRE has now included IDE Extensions as a new attack technique in its ATT&CK framework as of April 2025. This acknowledges that extensions in development environments like VS Code can be abused to maintain persistent access on victim systems.
Yomtov warned:
“Every marketplace item is a potential backdoor. They’re unvetted software dependencies with privileged access. If left unchecked, they create a sprawling, invisible supply chain that attackers are increasingly exploiting.”
With this incident, it becomes clear that VS Code extensions and other development tools must be treated as high-risk dependencies, much like packages from npm, PyPI, or GitHub.
Best practices include:
Monitoring extension behavior using endpoint detection and logging
Reviewing extension sources and code before using them
Restricting automatic updates of third-party extensions
Pinning trusted versions of extensions to avoid unexpected updates
This vulnerability in Open VSX Registry serves as a wake-up call for the developer community. The tools and extensions used every day in development pipelines are part of the larger software supply chain, and when left unsecured, they can be weaponized.
As the software ecosystem becomes more interconnected, securing every link in the chain—including IDE extensions—is no longer optional. It’s essential for reducing cyber risk and maintaining trust in development workflows.
Interesting Article : CVE-2025-20281 & CVE-2025-20282: Cisco ISE Bugs With 10/10 Severity
Pingback: Canada Bans Hikvision Over National Security Risks