
Cybersecurity researchers have disclosed a significant vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have allowed attackers to take control of the entire Visual Studio Code extension marketplace, posing a serious supply chain risk.
“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines,” said Koi Security researcher Oren Yomtov. “By exploiting a CI issue, a malicious actor can publish malicious updates to every extension on Open VSX.”
Following responsible disclosure on May 4, 2025, several rounds of fixes were proposed by the maintainers before a final patch was deployed on June 25.
Open VSX Registry is an open-source project and an alternative to the Visual Studio Marketplace. It is maintained by the Eclipse Foundation. Several code editors, such as Cursor, Windsurf, Google Cloud Shell Editor, Gitpod, and others, integrate it into their services.
“This widespread adoption means a compromise of Open VSX is a supply-chain nightmare scenario,” Yomtov said. “Every time an extension is installed, or an extension is updated in the background, these actions go through Open VSX.”
The vulnerability discovered by Koi Security lies in the publish-extensions repository, which includes the scripts used to publish open-source VS Code extensions to open-vsx.org.
Developers can request that their extension be auto-published, which is done by submitting a pull request that adds it to the extensions.json file.
Behind the scenes, this is handled by a GitHub Actions workflow that runs daily at 03:03 AM UTC, takes the list of comma-separated extensions from the JSON file, and publishes them to the registry using the vsce npm package.
“This workflow runs with privileged credentials, including a secret token (OVSX_PAT) of the @open-vsx service account, which has the power to publish (or overwrite) any extension in the marketplace,” Yomtov said. “In theory, only trusted code should ever see that token.”
“The root cause of the vulnerability is that npm install runs the arbitrary build scripts of all auto-published extensions, and of their dependencies, while providing them with access to the OVSX_PAT environment variable.”
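As an added illustration, not code from the article or from the publish-extensions repository, the following GitHub Actions workflow shows the mitigation for the pattern described above: untrusted extension code (including npm lifecycle scripts) is built in a job where no publishing credential exists, and only a separate, script-free publish step receives OVSX_PAT. The job and step names, the build helper, the dist/*.vsix layout and the use of the ovsx CLI are assumptions.

```yaml
# Added example, not the real publish-extensions workflow.
# The weak pattern it replaces was a single job with OVSX_PAT set as a
# job-wide env variable, so every preinstall/postinstall script of every
# auto-published extension and transitive dependency ran with the token
# readable from its environment.
name: publish-extensions-hardened
on:
  schedule:
    - cron: "3 3 * * *"   # same daily 03:03 UTC schedule the article describes

permissions:
  contents: read          # no write scopes on the default GITHUB_TOKEN

jobs:
  # Job 1: runs untrusted code WITHOUT any publishing credential present.
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Install this repo's own tooling without executing lifecycle hooks
      # of transitive dependencies.
      - run: npm ci --ignore-scripts
      # The extensions' own build scripts still have to run, but they run
      # here, where no OVSX_PAT exists; a script that dumps the environment
      # finds nothing worth stealing.
      - run: node ./build-extensions.js   # assumed helper: reads extensions.json, emits dist/*.vsix
      - uses: actions/upload-artifact@v4
        with:
          name: vsix
          path: dist/*.vsix

  # Job 2: holds the secret but executes no extension-supplied code; it only
  # hands the already-built artefacts to the ovsx CLI.
  publish:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: vsix
          path: dist
      # Install only the publishing tool, again without lifecycle scripts.
      - run: npm install --global --ignore-scripts ovsx
      - run: for f in dist/*.vsix; do ovsx publish "$f"; done
        env:
          OVSX_PAT: ${{ secrets.OVSX_PAT }}   # scoped to this single step
```

The detection side of the same change is a review rule: any pull request that adds `OVSX_PAT` (or another secret) at job or workflow level, or removes `--ignore-scripts` from an install step, should fail review.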
This means that it is possible to obtain the @open-vsx account's token, which grants privileged access to the Open VSX Registry and gives an attacker the ability to publish new extensions and tamper with existing ones.
The risk posed by extensions has not gone unnoticed by MITRE, which introduced a new “IDE Extensions” technique in its ATT&CK Framework in April 2025, noting that it can be abused by malicious actors to establish persistent access to compromised systems.
“Every marketplace item is a potential backdoor,” Yomtov said. “They are unvetted software dependencies with privileged access, and they deserve the same diligence as any package from PyPI, npm, Hugging Face, or GitHub. If left unchecked, they create a massive, invisible supply chain that adversaries are increasingly exploiting.”