GitHub Copilot: Remote code execution via prompt injection (CVE-2025-53773)
11 days ago
- #Prompt Injection
- #GitHub Copilot
- #Remote Code Execution
- GitHub Copilot vulnerability (CVE-2025-53773) allows remote code execution via prompt injection.
- Attackers can modify settings.json to enable 'YOLO mode', disabling user confirmations for shell commands and other actions.
- Exploit involves injecting malicious prompts into source code, web pages, or GitHub issues to trigger the vulnerability.
- Vulnerability works across Windows, macOS, and Linux systems.
- Attackers can achieve full system compromise, including joining the machine to a botnet or spreading malware.
- Invisible instructions can be used to hide the attack, though reliability varies.
- Microsoft has patched the vulnerability as of August 2025.
- Recommendations include requiring human approval for AI file modifications and better threat modeling.