2025-08-13 05:29:34.759535+02 by Dan Lyke 0 comments
GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code.
It is achieved by placing Copilot into YOLO mode by modifying the project’s
settings.jsonfile.
[ related topics: Humor Weblogs Microsoft moron Douglas Adams ]
comments in ascending chronological order (reverse):
We will not edit your comments. However, we may delete your comments, or cause them to be hidden behind another link, if we feel they detract from the conversation. Commercial plugs are fine, if they are relevant to the conversation, and if you don't try to pretend to be a consumer. Annoying endorsements will be deleted if you're lucky, if you're not a whole bunch of people smarter and more articulate than you will ridicule you, and we will leave such ridicule in place.
Flutterby™ is a trademark claimed by
Dan Lyke for the web publications at www.flutterby.com and www.flutterby.net.