CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
12 hours ago
- #GitHub
- #AI
- #Cybersecurity
- Critical vulnerability discovered in GitHub Copilot Chat (CVSS 9.6) in June 2025.
- Vulnerability allowed silent exfiltration of secrets and source code from private repositories.
- Attack combined a novel CSP bypass using GitHub’s infrastructure with remote prompt injection.
- GitHub fixed the issue by disabling image rendering in Copilot Chat.
- Exploit involved hidden comments in pull requests to inject malicious prompts.
- Copilot Chat's context-awareness was exploited to affect any user visiting the page.
- Attack could influence responses, inject custom Markdown, and leverage user permissions.
- Bypassed Content Security Policy (CSP) using GitHub’s Camo proxy for URL rewriting.
- Proof of Concept (PoC) demonstrated stealing zero-day vulnerabilities from private repos.
- GitHub resolved the vulnerability by August 14.
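The two ingredients this summary names, hidden comments that a human reviewer never sees but an assistant reads, and image Markdown whose URL can carry data to a server the author controls, are both visible in the raw text of a pull request before it is rendered. The following Python check is an added example written for this page, not code from the article, from GitHub, or from the researchers; it scans a PR or issue body and flags those two patterns. The image-host allowlist, the URL-length threshold and the sample Markdown are constructed assumptions to adapt to your own repositories.

```python
"""
Added example (not from the article or GitHub): audit a pull-request or
issue body for the two patterns the CamoLeak summary describes.

  1. Hidden HTML comments: invisible in the rendered PR, but part of the
     text an LLM assistant with page context will read.
  2. Image references: Markdown or <img> tags whose URL points outside
     the expected image hosts, or is unusually long (a common shape when
     a URL is being used to carry data rather than fetch a picture).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

HIDDEN_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
MD_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*([^)\s]+)")
HTML_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.IGNORECASE)

# Assumption: hosts your org accepts for inline images in PR text.
IMAGE_ALLOWLIST = {"github.com", "user-images.githubusercontent.com"}
# Assumption: image URLs longer than this deserve a human look.
MAX_IMAGE_URL_LEN = 200


@dataclass
class Finding:
    kind: str      # "hidden_comment", "external_image" or "long_image_url"
    detail: str    # truncated evidence for the reviewer


def scan_markdown(text: str) -> list[Finding]:
    """Return findings in document order: hidden comments first, then images."""
    findings: list[Finding] = []

    for m in HIDDEN_COMMENT.finditer(text):
        body = m.group(1).strip()
        if body:  # empty comments are harmless separators
            findings.append(Finding("hidden_comment", body[:80]))

    for url in MD_IMAGE.findall(text) + HTML_IMG.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host not in IMAGE_ALLOWLIST:
            findings.append(Finding("external_image", url[:80]))
        if len(url) > MAX_IMAGE_URL_LEN:
            findings.append(Finding("long_image_url", url[:80] + "..."))

    return findings


# Constructed sample PR body: one hidden comment, one allowed image,
# one external image whose query string is suspiciously long.
SAMPLE_PR_BODY = (
    "## Fix typo in README\n"
    "<!-- hidden note: not visible in the rendered PR -->\n"
    "![before](https://user-images.githubusercontent.com/1/shot.png)\n"
    "![after](https://example.invalid/i.png?d=" + "A" * 300 + ")\n"
)


if __name__ == "__main__":
    for f in scan_markdown(SAMPLE_PR_BODY):
        print(f"{f.kind:16} {f.detail}")
```

Run this from a pre-merge hook or a scheduled job over open PRs; the findings are review prompts, not verdicts, since hidden comments and external images both have legitimate uses. Keeping image rendering disabled in assistant output, as GitHub's fix does, removes the exfiltration channel itself; this scan only makes the staging of such content visible to reviewers.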