Major Open VSX Registry Vulnerability Puts Millions of Developers at Risk of Supply Chain Attacks


Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability

Critical Vulnerability Discovered in Open VSX Registry

Recent findings from cybersecurity researchers have unveiled a significant vulnerability in the Open VSX Registry, known as “open-vsx[.]org.” This flaw, if leveraged by malicious actors, could allow unauthorized control over the entire Visual Studio Code extensions marketplace, creating a serious supply chain risk for developers and companies alike.

The Scope of the Vulnerability

Oren Yomtov, a researcher at Koi Security, highlighted the severity of the situation, stating that this vulnerability could permit attackers to exercise complete control over millions of developer machines. By exploiting a weakness in the continuous integration (CI) process, a malicious user could potentially push harmful updates to every extension available in the Open VSX marketplace.

Following a responsible disclosure on May 4, 2025, several rounds of fixes were initiated by the maintainers of the registry, culminating in a final update on June 25.

Understanding Open VSX Registry

The Open VSX Registry is an open-source alternative to the Visual Studio Marketplace, managed by the Eclipse Foundation. Several popular code editors—including Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod—integrate Open VSX, which increases its reach and potential impact in the development community.

Yomtov noted the expansive integration of Open VSX, cautioning that a compromise here could pose a “supply-chain nightmare.” Given the frequency with which extensions are installed and updated through this platform, the risk is particularly alarming.

Source of the Vulnerability

The vulnerability identified by Koi Security is linked to the publish-extensions repository, which contains scripts designed to publish open-source VS Code extensions on the Open VSX platform. Developers can request their extensions to be auto-published by submitting updates to the extensions.json file in the repository. Once approved, a daily GitHub Actions workflow automates the publication process at 03:03 a.m. UTC.

This workflow employs privileged credentials, containing a secret token—the OVSX_PAT—linked to the @open-vsx service account, enabling it to publish or overwrite any extension within the marketplace. “In theory, this token should only be accessible to trusted code,” Yomtov explained.

Arbitrary Script Execution During npm install

The weakness lies in how npm install behaves. When the workflow installs the dependencies of the auto-published extensions, npm runs the lifecycle scripts each package declares, so arbitrary code supplied by any extension executes inside the CI job, where the OVSX_PAT environment variable is available to it. An extension author who submits a malicious build script could therefore read the @open-vsx account's token and gain privileged access to the Open VSX Registry, including the ability to push malicious code into existing extensions or publish new, harmful ones.
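The structural problem described above is that the publishing token sits in the same job environment in which untrusted extension code is installed and built. The following GitHub Actions fragment is an added illustration, not the publish-extensions project's actual workflow: the first document shows the weak layout, the second separates an unprivileged build job from a publish job that receives only a built artifact and holds the secret for a single step. The step names, script paths, and output directory are assumptions; `ovsx publish` is the real Open VSX CLI command, which reads the OVSX_PAT environment variable.

```yaml
# WEAK layout (illustrative, not the project's real workflow):
# the secret is in the job environment while npm install runs
# lifecycle scripts contributed by every auto-published extension.
name: publish-extensions-weak
on:
  schedule:
    - cron: "3 3 * * *"          # 03:03 UTC daily, as described in the article
jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    env:
      OVSX_PAT: ${{ secrets.OVSX_PAT }}   # readable by any script npm executes
    steps:
      - uses: actions/checkout@v4
      - run: npm install                  # runs untrusted preinstall/postinstall hooks
      - run: node publish.js              # assumed script name

---
# HARDENED layout (illustrative): build without any secret and with
# lifecycle scripts disabled; publish from a separate job that only
# sees the finished .vsix files and exposes the token to one step.
name: publish-extensions-hardened
on:
  schedule:
    - cron: "3 3 * * *"
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts      # no lifecycle hooks, and no secret in env anyway
      - run: node build.js                # assumed: packages each extension into out/*.vsix
      - uses: actions/upload-artifact@v4
        with:
          name: vsix
          path: out/*.vsix                # assumed output directory
  publish:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: vsix
          path: out
      - run: npx ovsx publish out/*.vsix
        env:
          OVSX_PAT: ${{ secrets.OVSX_PAT }}   # scoped to this single step only
```

Two caveats apply. `--ignore-scripts` only suppresses npm's lifecycle hooks; whatever the assumed build.js runs on behalf of each extension is still untrusted code, which is why the build job must hold no secret at all. And the hardened layout still lets a malicious contributor publish their own extension through the shared account; what it removes is the ability to steal the token and overwrite every other extension in the registry, which is the scenario the article describes.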

The Security Landscape

The threat posed by extensions has drawn attention from organizations like MITRE, which has recognized the potential for exploitation in its ATT&CK framework by introducing a new “IDE Extensions” technique as of April 2025. This technique can be misused by malicious actors to maintain persistent access to compromised systems.

Yomtov emphasized the inherent risks of every item in a marketplace like Open VSX, describing all marketplace contributions as potential backdoors. Since they are unvetted software dependencies with elevated access, proper scrutiny is necessary—akin to the diligence required for any package sourced from PyPI, npm, or GitHub. Failure to address these vulnerabilities could result in a sprawling, hidden supply chain increasingly targeted by attackers.
