High

GitHub Copilot for JetBrains Command Injection RCE

IdentifiersCVE-2025-64671CWE-77· Improper Neutralization of Special…

CVE-2025-64671 is a command injection vulnerability in the GitHub Copilot plugin for JetBrains IDEs. The issue is described as improper neutralization of special elements used in a command, allowing an unauthorized attacker to execute code locally. Available reporting indicates the flaw can be triggered through malicious cross-prompt injection delivered via untrusted files or Model Context Protocol (MCP) servers. In affected configurations, attacker-controlled prompt content can cause Copilot to append unintended commands to otherwise permitted terminal actions, including bypassing or piggybacking on the plugin's terminal auto-approve behavior. Although Microsoft classifies the resulting execution as local, multiple sources note that a remote attacker could plausibly trigger exploitation through social engineering by inducing a developer to open malicious content or interact with a malicious MCP source.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in arbitrary command execution in the context of the affected user on the developer workstation or other system running the JetBrains IDE with the vulnerable Copilot plugin. This can enable remote code execution in practice when the victim is induced to process attacker-controlled prompt content, and may lead to compromise of source code, developer credentials, local secrets, build artifacts, or downstream CI/CD environments accessible from the IDE session.

Mitigation

If you can’t patch tonight, do this now.

Until patched, reduce exposure by disabling or tightly restricting terminal auto-approve behavior in GitHub Copilot for JetBrains, avoiding use of untrusted MCP servers, and treating untrusted files, repositories, and prompt content as hostile input. Limit IDE execution privileges, avoid running developer IDEs with administrative rights, restrict outbound access from developer workstations where feasible, and monitor for unexpected terminal commands spawned from IDE-integrated AI tooling. User awareness measures against social engineering and prompt-injection scenarios are also relevant.

Remediation

Patch, then assume compromise.

Apply Microsoft's December 2025 security update that addresses CVE-2025-64671 in Copilot / GitHub Copilot for JetBrains. Upgrade the GitHub Copilot plugin for JetBrains to the fixed version provided by the vendor and ensure the underlying IDE and related Copilot components are fully updated. Because the issue is tied to prompt-driven command execution behavior, organizations should also review plugin configuration and update management for AI-assisted development tooling across their fleet.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Microsoft CorporationGihub Copilot Plugin For Jetbrains Idesapplication

Microsoft CorporationGithub Copilotapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

29 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

29 SOURCESView more in app

expel blogNews

Jan 14, 2026

Patch Tuesday: January 2026 (Expel’s version) | Expel

A remote code execution vulnerability in GitHub Copilot for JetBrains reported as exploited.

cyberthroneNews

Dec 26, 2025

When Silence Broke Security: Zero-Days in 2025 - TheCyberThrone

Remote code execution vulnerability referenced as affecting Microsoft PowerShell/JetBrains, with proof-of-concept exposure noted.

flareio blogNews

Dec 17, 2025

From Patch to Exploit: Flare’s Intelligence on Cybercrime After December 2025 Patch Tuesday

A remote code execution vulnerability in the GitHub Copilot plugin for Jetbrains IDEs, publicly disclosed as part of the 'IDEsaster' research. Exploitation is considered less likely, but the vulnerability highlights a new class of attacks against AI-assisted development tools.

outpost24 blogNews

Dec 10, 2025

Microsoft Patch Tuesday – December 2025

An improper neutralization of input vulnerability in Copilot that could enable an unauthorized attacker to execute code locally.

+18 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7