CVE-2025-65716

Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18

Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved by uploading a specially crafted .Md file. The vulnerable component is the file processing functionality within the extension. The uploadFile() function is likely involved in the processing of the malicious file. The vulnerable parameter is the uploaded .Md file itself.

Recommendations Update Visual Studio Code Extensions Markdown Preview Enhanced to a version that addresses this issue. As a temporary workaround, avoid opening or processing untrusted .Md files with this extension.