Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments

Three critical vulnerabilities (CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717) have been discovered in four popular Visual Studio Code extensions, downloaded over 128 million times, posing a significant risk to developer environments. These flaws allow for actions ranging from remote file exfiltration to remote code execution, highlighting a major security blind spot in the software supply chain.