Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Visual Studio Code Extension Live Server Can Leak Files via Malicious Web Pages
CVE-2025-65717
Summary
An issue in Visual Studio Code's Live Server extension allows an attacker to steal files from your computer if you open a specially crafted web page. This could happen if you use the extension and open a malicious link or file. To stay safe, update the Live Server extension to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ritwickdey | live_server | > 5.7.9 | – |
Original title
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.
Original description
An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.
nvd CVSS3.1
4.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-200
Information Exposure
CWE-601
Open Redirect
- https://github.com/ritwickdey/vscode-live-server Product
- https://www.ox.security/blog/cve-2025-65717-live-server-vscode-vulnerability/ Exploit Third Party Advisory
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026