Microsoft Discloses Vulnerabilities in GitHub Copilot and Visual Studio

Source: Cyber Security News

Microsoft has disclosed two major security vulnerabilities affecting GitHub Copilot and Visual Studio, published on November 11, 2025, each with an Important severity rating. The first, CVE-2025-62449, affects Visual Studio and is a path traversal flaw (CWE-22) that could allow an attacker with local access to reach files outside the intended, restricted directories. Although exploitation requires user interaction, the flaw poses a serious risk because of its potential for high impact on confidentiality and integrity.

The second vulnerability, CVE-2025-62453, is associated with GitHub Copilot and involves improper validation of AI-generated code outputs (CWE-1426). This flaw may allow attackers to manipulate AI suggestions to insert malicious code into projects, given that developers often trust these outputs without scrutiny. With a CVSS score of 5.0, this vulnerability raises concerns around AI-assisted code generation. Microsoft has urged developers using these tools to apply the necessary patches immediately, emphasizing the importance of rigorous code reviews to mitigate risks.

👉 Read the original: Cyber Security News