CVE-2025-21264: 
Visual Studio Code vulnerability analysis and mitigation

A security vulnerability (CVE-2025-21264) was discovered in Visual Studio Code and was first published on May 13, 2025. The vulnerability involves files or directories being accessible to external parties in Visual Studio Code, which could potentially allow an unauthorized attacker to bypass security features when accessing the system locally (NVD Database, Wiz Report).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N. It has been classified under CWE-552 (Files or Directories Accessible to External Parties). The vulnerability requires local access and user interaction, but no privileges for exploitation (NVD Database, Wiz Report).

The vulnerability poses a significant security risk as it allows high confidentiality impact and low integrity impact, with no availability impact. The scope is changed, indicating that the vulnerability can affect resources beyond its security scope (Wiz Report).

Microsoft has acknowledged the vulnerability and released security updates to address the issue. Users are advised to update to the latest version of Visual Studio Code (version 1.100.1 or later) (NVD Database).