Cybersecurity researchers recently disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”). If attackers successfully exploited this flaw, they could have taken control of the entire Visual Studio Code extensions marketplace. Consequently, this posed a severe supply chain risk.
“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines,” Koi Security researcher Oren Yomtov explained. “By exploiting a CI issue, a malicious actor could publish malicious updates to every extension on Open VSX.”
After Koi Security’s responsible disclosure on May 4, 2025, the maintainers proposed multiple rounds of fixes. Eventually, they Deployed a final patch on June 25.
The Open VSX Registry serves as an Open-source project and an alternative to the Visual Studio Marketplace. The Eclipse Foundation actively maintains it. Furthermore, several code editors—such as Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod—integrate it into their services.
“This widespread adoption means that a compromise of Open VSX is a supply-chain nightmare scenario,” Yomtov emphasized. “Every single time an extension is installed, or an extension update is silently fetched in the background, these actions pass through Open VSX.”
Koi Security discovered that the Vulnerability Originated in the publish-extensions repository. This Repository includes scripts for publishing Open-source VS Code extensions to open-vsx.org.
Developers can request auto-publishing for their extensions by submitting a pull request that adds them to the extensions.json file in the Repository. Once reviewers approve and merge the request, the process proceeds.
On the backend, a GitHub Actions workflow runs daily at 03:03 a.m. UTC. It takes a comma-separated list of extensions from the JSON file as input and then publishes them to the registry using the vsce
npm package.
“This workflow runs with privileged credentials, including a secret token (OVSX_PAT) for the @open-vsx service account, which holds the authority to publish or overwrite any extension in the marketplace,” Yomtov noted. “In theory, only trusted code should ever access that token.”
However, the core issue lies in the fact that npm install
executes arbitrary build scripts from all auto-published extensions and their dependencies—while also providing access to the OVSX_PAT environment variable.
As a result, Attackers could potentially obtain the @open-vsx account’s token. This access grants them the ability to publish new extensions and tamper with existing ones by inserting Malicious code.
Importantly, the risk associated with extensions has not gone unnoticed. In April 2025, MITRE added a new “IDE Extensions” technique to its ATT&CK framework, recognizing that threat actors could abuse this vector to establish persistent access to victim systems.
“Every marketplace item is a potential backdoor,” Yomtov warned. “These are unvetted software dependencies with privileged access, and they deserve the same diligence as any package from PyPI, npm, Hugging Face, or GitHub. If left unchecked, they create a sprawling, invisible supply chain that attackers are increasingly exploiting.”
Source: TheHackerNews
Read more at Impreza News