{"data":{"id":"c7bbd579-3b8f-434b-8915-b78d6112edef","title":"CVE-2025-53773: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio","summary":"CVE-2025-53773 is a command injection vulnerability (a flaw where special characters in user input are not properly filtered, allowing an attacker to run unauthorized commands) found in GitHub Copilot and Visual Studio that lets an unauthorized attacker execute code on a user's local computer. The vulnerability stems from improper handling of special elements in commands and can potentially be triggered through prompt injection (tricking the AI by hiding malicious instructions in its input).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-53773","publishedAt":"2025-08-12T18:15:45.940Z","cveId":"CVE-2025-53773","cweIds":["CWE-77"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot","Visual Studio","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00641,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}