{"id":"CVE-2025-62449","details":"Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.","modified":"2026-03-13T03:38:21.404784Z","published":"2025-11-11T18:15:50.043Z","references":[{"type":"ADVISORY","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62449"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/microsoft/vscode-copilot-chat","events":[{"introduced":"0"},{"fixed":"d0b5c7be1d70fa847c9bad834e227310d2cdba87"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.32.0"}]}}],"versions":["v0.29.2025062703","v0.29.2025062705","v0.29.2025063001","v0.29.2025070102","v0.29.2025070202","v0.29.2025070301","v0.29.2025070302","v0.29.2025070401","v0.29.2025070403","v0.30.2025071002","v0.30.2025071101","v0.30.2025071401","v0.30.2025071501","v0.30.2025071502","v0.30.2025071601","v0.30.2025071701","v0.30.2025071801","v0.30.2025072102","v0.30.2025072103","v0.30.2025072201","v0.30.2025072301","v0.30.2025072401","v0.30.2025072501","v0.30.2025072801","v0.30.2025072901","v0.30.2025073001","v0.30.2025073101","v0.30.2025073102","v0.31.2025080704","v0.31.2025080801","v0.31.2025081101","v0.31.2025081203","v0.31.2025081204","v0.31.2025081301","v0.31.2025081401","v0.31.2025081501","v0.31.2025081801","v0.31.2025082004","v0.31.2025082101","v0.31.2025082102","v0.31.2025082201","v0.31.2025082202","v0.31.2025082212","v0.31.2025082213","v0.31.2025082501","v0.31.2025082502","v0.31.2025082601","v0.31.2025082602","v0.31.2025082701","v0.31.2025082702","v0.31.2025082801","v0.31.2025082802","v0.31.2025082903","v0.31.2025082904","v0.31.2025090101","v0.31.2025090102","v0.31.2025090201","v0.31.2025090301","v0.31.2025090302","v0.31.2025090401","v0.32.2025091102","v0.32.2025091201","v0.32.2025091202","v0.32.2025091501","v0.32.2025091601","v0.32.2025091602","v0.32.2025091701","v0.32.2025091801","v0.32.2025091901","v0.32.2025091902","v0.32.2025092201","v0.32.2025092301","v0.32.2025092302","v0.32.2025092509","v0.32.2025092601","v0.32.2025092602","v0.32.2025092901","v0.32.2025093001","v0.32.2025100101","v0.32.2025100203","v0.32.2025100302","v0.32.2025100703"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62449.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"}]}