PromptRiskDBThreat intelligence atlas

CVE-2025-8217

AI Vulnerability Context

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI. To mitigate this issue, users should upgrade to version v1.85.0. All ins...

Overview

A source-backed snapshot of this vulnerability.

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.

To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.

CISA KEVnoWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies1Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

not in CISA KEVMEDIUM
CVE ID
CVE-2025-8217
CVSS v3
4.0
CVSS v4
5.1

Exploit context

What the vulnerability is about.

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.

To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.