CVE-2025-53773: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio
Summary
CVE-2025-53773 is a command injection vulnerability (a flaw where special characters in user input are not properly filtered, allowing an attacker to run unauthorized commands) in GitHub Copilot and Visual Studio that lets an unauthorized attacker execute code on a user's local computer. An attacker exploits the improper handling of special elements in commands, potentially through prompt injection (tricking the AI by hiding malicious instructions in its input).
Vulnerability Details
7.8 (high)
EPSS: 0.6%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-53773
First tracked: February 15, 2026 at 08:51 PM