Cybersecurity researchers revealed a critical vulnerability in the open VSX registry (“Open-VSX”)[.]org”) It could have hopefully been that attackers could have controlled the entire Visual Studio code extension market and pose serious supply chain risks.
“The vulnerability allows attackers to take full control of the entire expansion market, thus allowing them to have full control over millions of developer machines,” said Oren Yomtov, a security researcher at Koi. “By taking advantage of CI issues, malicious actors can publish malicious updates to all open vsx extensions.”
Following the responsible disclosure on May 4, 2025, multiple rounds of revision were proposed by the maintainers before it was finally unfolded on June 25th.
The Open VSX registry is an open source project and replaces the Visual Studio Marketplace. Maintained by the Eclipse Foundation. Code editors such as Cursor, Windsurf, Google Cloud Shell Editor, and GitPod are integrated into the services.
“This broad adoption means that the open vsx compromise is a nightmare scenario for the supply chain,” Yomtov said. “Every time an extension is installed, or whenever an extension is quietly fetched in the background, these actions go through open VSX.”
The vulnerabilities discovered by KOI Security are rooted in the Publish-Extensions repository. This includes scripts that expose open source and code extensions to Open-VSX.org.
Developers can request that the extension be automatically published by submitting a pull request to add it to the extensions.json file that resides in the repository. Then it will be approved and merged.
In the backend, this unfolds in the form of a GitHub action workflow that runs daily at 03:03 AM UTC.
“This workflow runs with privileged credentials that include the Secret Token (OVSX_PAT) of the @Open-VSX service account. “In theory, only trusted code should see that token.”
“The root of the vulnerability is that the NPM installation provides access to the OVSX_PAT environment variable while running any build scripts for all automatically published extensions and their dependencies.”
This means gaining access to the tokens of your @Open-VSX account, allowing privileged access to the open VSX registry, exposes new extensions to attackers, and providing the ability to tamper with existing extensions and inject malicious code.
As of April 2025, the risks posed by extensions have not been noticed by MITRES, which introduced a new “IDE extension” approach to the ATT & CK framework. It says it could be abused by malicious actors to establish permanent access to the victim system.
“All market items are potential backdoors,” Yomtov said. “They are unmoving software dependencies with privileged access and deserve the same diligence as Pypi, NPM, Hugginface, or Github packages.
Source link
