PT-2025-31362 · Microsoft +1 · Visual Studio Code +1

Aditya169

Published

2025-07-30

Updated

2025-07-30

CVE-2025-8217

Report an issue

CVSS v3.1

4.0

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Amazon Q Developer Visual Studio Code (VS Code) extension version 1.84.0

Description:

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains injected code intended to call the Q Developer CLI. This code executes upon extension launch but contains a syntax error, preventing a successful API call.

Recommendations:

Upgrade to version 1.85.0.

Remove all installations of version 1.84.0.

Fix

RCE

Weakness Enumeration

CWE-506

Related Identifiers

CVE-2025-8217

Affected Products

Amazon Q Developer Visual Studio Code Extension

Visual Studio Code

PT-2025-31362 · Microsoft +1 · Visual Studio Code +1

Weakness Enumeration

Related Identifiers

Affected Products

References · 5