AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-64660: Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a ne

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseNovember 20, 2025CVE-2025-64660

Summary

CVE-2025-64660 is a vulnerability in GitHub Copilot and Visual Studio Code that involves improper access control (a flaw in how the software checks who is allowed to do what), allowing an authorized attacker to execute code over a network. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a vulnerability is). This means someone with legitimate access to these tools could potentially run malicious code remotely.

Vulnerability Details

CVSS Score

8(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-284

Affected Vendors

Microsoft

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:51 PM

Classified by LLM (prompt v3) · confidence: 85%