CVE-2025-62453

Description

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.

PUBLISHED Reserved 2025-10-14 | Published 2025-11-11 | Updated 2025-11-26 | Assigner microsoft

Problem types

CWE-1426: Improper Validation of Generative AI Output

CWE-693: Protection Mechanism Failure

Product status

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62453 (GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability) vendor-advisory

cve.org (CVE-2025-62453)

nvd.nist.gov (CVE-2025-62453)

Download JSON