CVE-2025-52882: Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium)
Summary
Claude Code is an AI-powered coding assistant available as extensions in popular coding editors (IDEs, or integrated development environments, which are software tools developers use to write code). Versions before 1.0.24 for VSCode and before 0.1.9 for JetBrains IDEs have a security flaw that lets attackers connect to the tool without permission when a user visits a malicious website, potentially allowing them to read files, see what code the user is working on, or even run code in certain situations.
Solution / Mitigation
Claude released a patch on June 13th, 2025. For VSCode and similar editors, open Extensions (View->Extensions), find Claude Code for VSCode, and update or uninstall any version prior to 1.0.24, then restart the editor. For JetBrains IDEs (IntelliJ, PyCharm, Android Studio), open the Plugins list, find Claude Code [Beta], update or uninstall any version prior to 0.1.9, and restart the IDE. The extension auto-updates when launched, but users should manually verify they have the patched version.
Vulnerability Details
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-52882
First tracked: February 15, 2026 at 08:52 PM