{"data":{"id":"5e00667f-ba3d-42a8-8743-689d91d2128e","title":"CVE-2025-64660: Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a ne","summary":"CVE-2025-64660 is a vulnerability in GitHub Copilot and Visual Studio Code that involves improper access control (a flaw in how the software checks who is allowed to do what), allowing an authorized attacker to execute code over a network. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a vulnerability is). This means someone with legitimate access to these tools could potentially run malicious code remotely.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-64660","publishedAt":"2025-11-20T23:15:56.943Z","cveId":"CVE-2025-64660","cweIds":["CWE-284"],"cvssScore":"8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot","Visual Studio Code","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00076,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}