Critical Vulnerability in Open VSX Registry Puts Millions of Developers at Risk

TL;DR

Cybersecurity researchers at Koi Security uncovered a critical vulnerability in the Open VSX Registry that could enable attackers to take over the VS Code extension marketplace. This flaw poses a significant risk to millions of developers by exposing them to potential supply chain attacks. The issue has since been addressed after a lengthy disclosure and fix process.

Critical Flaw in Open VSX Registry Threatens Millions of Developers

Cybersecurity researchers at Koi Security have identified a critical vulnerability in the Open VSX Registry (open-vsx.org) that could allow attackers to take control of the Visual Studio Code extensions marketplace. This vulnerability puts millions of developers at risk of supply chain attacks.

Understanding the Open VSX Registry

Open VSX Registry, maintained by the Eclipse Foundation, is an open-source extension registry serving as an alternative to Microsoft’s proprietary Visual Studio Code Marketplace. It enables developers and organizations to publish, discover, and use extensions for VS Code-compatible editors like Eclipse Theia or Gitpod, without being constrained by Microsoft’s licensing requirements. The registry is utilized by over 8 million developers.

The Vulnerability and Its Impact

According to a report published by Koi Security, this vulnerability grants attackers full control over the entire extensions marketplace, thereby compromising millions of developer machines. By exploiting a Continuous Integration (CI) issue, a malicious actor could publish harmful updates to every extension on Open VSX¹.

In May 2025, researchers discovered a flaw in Open VSX’s auto-publishing process. A nightly GitHub Actions workflow runs npm install on untrusted extension code, exposing a secret token (OVSX_PAT). This token has the permission to publish or overwrite any extension.

“This workflow runs with privileged credentials, including a secret token (OVSX_PAT) of the @open-vsx service account that has the power to publish (or overwrite) any extension in the marketplace. In theory, only trusted code should ever see that token.” - Koi Security Report

Malicious code in build scripts could steal this token, allowing attackers to hijack the entire Open VSX marketplace and compromise the supply chain for millions of developers.

“The root of the vulnerability is that npm install runs the arbitrary build scripts of all the auto-published extensions, and their dependencies, while providing them with access to the OVSX_PAT environment variable.” - Koi Security Report

The researchers verified the vulnerability by successfully exfiltrating the OVSX_PAT token using a sample repository.

Potential Exploitation and Mitigation

Attackers could exploit the @open-vsx token to publish or modify extensions with malicious code. MITRE added “IDE Extensions” to its ATT&CK framework in April 2025, highlighting the risk of using extensions for persistent access².

The experts compared this supply chain risk to the SolarWinds incident, affecting millions of developers through IDE auto-updates, especially in desktop editors like VS Code, VSCodium, and Cursor.

Disclosure Timeline

Here is the timeline of the vulnerability disclosure and fix process:

• May 4, 3:18 PM: Vulnerability disclosed.
• May 5, 12:25 PM: Report acknowledged.
• May 5, 11:34 PM: First fix proposed.
• May 6, 10:23 AM: Fix reviewed.
• May 7, 4:47 PM: Second fix proposed.
• May 8, 1:41 PM: Fix reviewed.
• May 14, 2:18 PM: Third fix proposed.
• May 14, 3:22 PM: Fix reviewed.
• May 15, 4:23 PM: Fourth fix proposed.
• May 15, 9:02 PM: Fix reviewed.
• May 19, 1:29 PM: Fifth fix proposed.
• May 19, 11:36 PM: Fix reviewed.
• May 21, 12:58 PM: Sixth fix proposed.
• May 22, 6:09 PM: Fix reviewed.
• June 25, 7:20 PM: Fix deployed.

Conclusion

“The problem is universal: if it’s code, and it runs in your environment, it’s part of your attack surface. Every marketplace item is a potential backdoor. They’re unvetted software dependencies with privileged access, and they deserve the same diligence as any package from PyPI, npm, Hugginface, or GitHub. If left unchecked, they create a sprawling, invisible supply chain that attackers are increasingly exploiting.” - Koi Security Report

The discovery of this vulnerability underscores the importance of rigorous security practices in open-source projects. Developers and organizations must remain vigilant and proactive in identifying and mitigating potential security threats.

For further updates, follow @securityaffairs on Twitter, Facebook, and Mastodon.

For more details, visit the full article: source

Additional Resources

For further insights, check:

• “Taking Over Millions of Developers by Exploiting an Open VSX Registry Flaw”
• Koi Security Report
• MITRE ATT&CK Framework

References

1. Koi Security (May 2025). “Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork”. Koi Security Blog. Retrieved 2025-06-27. ↩︎

2. MITRE (April 2025). “IDE Extensions”. MITRE ATT&CK. Retrieved 2025-06-27. ↩︎