Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.

“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines,” Koi Security researcher Oren Yomtov said. “By exploiting a CI issue a malicious actor could publish malicious updates to every extension on Open VSX.”

Following responsible disclosure on May 4, 2025, the multiple rounds of fixes were proposed by the maintainers, before it was finally deployed on June 25.

Open VSX Registry is an open-source project and alternative to the Visual Studio Marketplace. It’s maintained by the Eclipse Foundation. Several code editors like Cursor, Windsurf, Google Cloud Shell Editor, Gitpod, and others integrate it into their services.

“This widespread adoption means that a compromise of Open VSX is a supply-chain nightmare scenario,” Yomtov said. “Every single time an extension is installed, or an extension update fetched silently in the background, these actions go through Open VSX.”

The vulnerability discovered by Koi Security is rooted in the publish-extensions repository, which includes scripts to publish open-source VS Code extensions to open-vsx.org.

Developers can request their extension to be auto-published by submitting a pull request to add it to the extensions.json file present in the repository, after which it’s approved and merged.

In the backend, this plays out in the form of a GitHub Actions workflow that’s daily run at 03:03 a.m. UTC that takes as input a list of comma-separated extensions from the JSON file and publishes them to the registry using the vsce npm package.

“This workflow runs with privileged credentials including a secret token (OVSX_PAT) of the @open-vsx service account that has the power to publish (or overwrite) any extension in the marketplace,” Yomtov said. “In theory, only trusted code should ever see that token.”

“The root of the vulnerability is that npm install runs the arbitrary build scripts of all the auto-published extensions, and their dependencies, while providing them with access to the OVSX_PAT environment variable.”

This means that it’s possible to obtain access to the @open-vsx account’s token, enabling privileged access to the Open VSX Registry, and providing an attacker with the ability to publish new extensions and tamper with existing ones to insert malicious code.

The risk posed by extensions has not gone unnoticed by MITRE, which has introduced a new “IDE Extensions” technique in its ATT&CK framework as of April 2025, stating it could be abused by malicious actors to establish persistent access to victim systems.

“Every marketplace item is a potential backdoor,” Yomtov said. “They’re unvetted software dependencies with privileged access, and they deserve the same diligence as any package from PyPI, npm, Hugginface, or GitHub. If left unchecked, they create a sprawling, invisible supply chain that attackers are increasingly exploiting.”

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!