Open VSX Flaw Allowed Extension Hijacks

June 27, 2025

Cybersecurity researchers have disclosed a critical vulnerability in the popular Open VSX Registry. If successfully exploited, the flaw could have enabled attackers to take control of the entire extensions marketplace, posing a severe supply chain risk to a large number of software development projects. Open VSX Registry is an open-source project and an alternative to the official Visual Studio Code Marketplace. Several popular code editors like Cursor, Gitpod, and others integrate it directly into their online services. A researcher said this vulnerability provides attackers full control over the entire extensions marketplace and developer machines.

The vulnerability, discovered by Koi Security, is rooted in the platform’s public publish-extensions source code repository. On the backend, that repository drives a GitHub Actions workflow that runs daily at 3:03 a.m. UTC and takes a list of extensions as its input. The workflow runs with privileged credentials, including a secret token that has the power to publish any extension. The root of the vulnerability is that the installation process runs the arbitrary build scripts of all extensions while giving them full access to the privileged secret token through an environment variable.
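The exposure described above comes down to child processes inheriting the parent's environment. The following added example (not code from Open VSX or Koi Security) runs a constructed stand-in for a build script twice, once with the inherited environment and once with an allowlisted one; the variable name `PUBLISH_TOKEN` and the allowlist are assumptions made for illustration.

```python
import os
import re
import subprocess
import sys

# Hypothetical name standing in for the registry's publish secret.
SECRET_VAR = "PUBLISH_TOKEN"

# Constructed stand-in for an extension build script: it only reports
# whether the secret is visible in its own environment.
BUILD_SCRIPT = (
    "import os; print('visible' if os.environ.get(%r) else 'hidden')" % SECRET_VAR
)

# Assumed allowlist: variables a build step needs; everything else is withheld.
ALLOWED_ENV = {"PATH", "HOME", "LANG", "TMPDIR", "SYSTEMROOT"}

# Name suffixes that usually indicate a credential (heuristic, for auditing).
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|_PAT|_KEY)$", re.IGNORECASE)


def scrubbed_env(parent):
    """Return a copy of the environment holding only allowlisted variables."""
    return {k: v for k, v in parent.items() if k in ALLOWED_ENV}


def secret_like_names(env):
    """List variable names in env that look like credentials."""
    return sorted(k for k in env if SECRET_NAME.search(k))


def run_build(env):
    """Run the stand-in build script under env and return what it observed."""
    result = subprocess.run(
        [sys.executable, "-c", BUILD_SCRIPT],
        env=env, capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def demo():
    """Compare the inherited environment (the flaw) with a scrubbed one."""
    parent = dict(os.environ)
    parent[SECRET_VAR] = "constructed-not-a-real-token"
    return run_build(parent), run_build(scrubbed_env(parent))


if __name__ == "__main__":
    inherited, scrubbed = demo()
    print("inherited env:", inherited)
    print("scrubbed env: ", scrubbed)
```

In a CI pipeline the same separation means the install and build steps never receive the publish credential, which is handed only to the step that publishes.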

The flaw means that anyone could obtain the main service account’s secret token. That gives an attacker the ability to publish new extensions and to tamper with any existing ones. By exploiting this continuous integration issue, a malicious actor could publish malicious updates to every single extension. Because Open VSX is so widely adopted, a compromise of it is a supply-chain nightmare scenario: every time an extension is installed or updated, the action goes through the compromised Open VSX marketplace.

Following responsible disclosure on May 4, 2025, the maintainers proposed multiple rounds of fixes, and the project deployed a final patch for the critical vulnerability on June 25. The risk posed by extensions has not gone unnoticed by MITRE: the ATT&CK framework added the “IDE Extensions” technique in April 2025, acknowledging this growing attack surface. Every marketplace item is a potential backdoor and deserves the same diligence as any other software dependency. If left unchecked, extensions create a sprawling, invisible supply chain that attackers are increasingly exploiting.

Reference:

  • Critical Open VSX Registry Vulnerability Put Millions Of Developers At Risk