CVE-2025-53773

Name of the Vulnerable Software and Affected Versions GitHub Copilot (affected versions not specified) Visual Studio 2022 versions prior to 17.14.12

Description Improper neutralization of special elements used in a command, known as command injection, in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. This issue can be triggered via prompt injection, which is a technique used to manipulate the instructions provided to a Large Language Model (LLM) to make it perform unintended actions. In some cases, this may lead to wormable command execution.

Recommendations Update Visual Studio 2022 to version 17.14.12. At the moment, there is no information about a newer version that contains a fix for this vulnerability regarding GitHub Copilot.