Full Report
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
Analysis Summary
# Vulnerability: Critical Supply Chain Risk in Open VSX Registry via GitHub Actions Workflow Execution
## CVE Details
- CVE ID: Not specified in the article (Assumed to be a recent critical zero-day disclosed privately)
- CVSS Score: Not specified (Described as "critical")
- CWE: CWE-787 (Out-of-bounds Write) or similar leading to execution, potentially related to vulnerable dependency execution (CWE-829/CWE-841). Based on description, likely CWE related to CI/CD misconfiguration/code execution in a privileged context.
## Affected Systems
- Products: Open VSX Registry (`open-vsx.org`) and the associated publishing automation system (`publish-extensions` repository).
- Versions: All versions prior to the fix deployed on June 25, 2025.
- Configurations: Systems relying on the auto-publishing mechanism involving Pull Requests to `extensions.json` and the subsequent execution of the GitHub Actions workflow. Affected downstream users include editors like Cursor, Windsurf, Google Cloud Shell Editor, and Gitpod.
## Vulnerability Description
A critical vulnerability exists in the Open VSX Registry's automated extension publishing system, maintained by the Eclipse Foundation. The vulnerability stems from the `publish-extensions` GitHub Actions workflow, which runs daily using privileged credentials (`OVSX_PAT`) allowing global publication and overwriting of any extension on the marketplace.
The flaw is that the workflow executes `npm install` for all extensions listed for auto-publishing (based on updates to `extensions.json`). This process executes arbitrary build scripts of these extensions and their dependencies, providing them access to the highly privileged `OVSX_PAT` environment variable. An attacker could submit a malicious extension update (via a specially crafted PR to `extensions.json`) whose build phase extracts the `OVSX_PAT` token, thereby gaining full control over the Open VSX Registry, enabling malicious updates to millions of developer machines via extensions fetched silently.
## Exploitation
- Status: Patched following responsible disclosure, but the nature suggests high potential for exploitation prior to June 25, 2025.
- Complexity: Low to Medium (Requires understanding of GitHub Actions, npm lifecycle scripts, and contributing to the specific repository).
- Attack Vector: Network (via submission of malicious extension metadata/code).
## Impact
- Confidentiality: High (Potential theft of service account credentials).
- Integrity: Critical (Ability to push malicious code updates to any extension, reaching millions of developers).
- Availability: High (Potential disruption if the registry service is compromised or used for destructive actions).
## Remediation
### Patches
- Maintainers proposed multiple rounds of fixes following disclosure on May 4, 2025.
- The final fix was deployed on **June 25, 2025**. (Specific software version containing the fix is not detailed, but the service platform was updated).
### Workarounds
- As the publishing mechanism was the root cause, until confirming the fix, **disabling auto-publishing** of untrusted extensions or manually verifying all newly published metadata would be necessary.
- Downstream consumers should ideally pause automatic extension updates until confidence in the registry integrity is restored.
## Detection
- Indicators of compromise (if exploited prior to June 25): Unauthorized publishing activity associated with the `@open-vsx` service account within the GitHub Actions logs of the `publish-extensions` repository, especially involving execution of arbitrary npm scripts.
- Detection methods and tools: Monitoring service account token usage/access patterns; reviewing GitHub Actions logs for unusual script execution during the publishing workflow runs.
## References
- Vendor Advisory (Researchers): koi[.]security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
- General News Source: thehackernews[.]com/2025/06/critical-open-vsx-registry-flaw-exposes.html