CVE-2025-8217 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when…
Medium CVSS: 5.1

CVE-2025-8217

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.



To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.
Vendor
-
Product
-
CWE
CWE-506
Yayın Tarihi
2025-07-30 01:15:25
Güncelleme
2025-10-14 18:15:37
Source Identifier
ff89ba41-3aa1-4d27-914a-91399e9639e5
KEV Date Added
-

Kategoriler

CWE-506 MEDIUM 2025

Referanslar

https://aws.amazon.com/security/security-bulletins/AWS-2025-015/ https://github.com/aws/aws-toolkit-vscode/releases/tag/amazonq%2Fv1.85.0 https://github.com/aws/aws-toolkit-vscode/security/advisories/GHSA-7g7f-ff96-5gcw