CVE-2025-66389 GitHub CVE debrief

Who should care

Developers and organizations using GitHub Copilot 1.372.0 should be aware of this vulnerability. Given the potential for exfiltration, it is crucial for users to assess their exposure and take necessary precautions to secure their environments. This includes reviewing GitHub Copilot configurations, ensuring that it is properly secured, and monitoring for any suspicious activities.

Technical summary

The vulnerability in GitHub Copilot 1.372.0 arises from its handling of file-handler URI parameters in the fetch_webpage function. This allows for filesystem access outside of the designated workspace folder without requiring user approval. The issue is significant as it could enable indirect prompt injection attacks, leading to potential data exfiltration. Users should verify their version and apply any available patches or mitigations.

Defensive priority

High priority due to potential for data exfiltration

Recommended defensive actions

• Review and update GitHub Copilot installations to the latest version
• Configure GitHub Copilot to restrict filesystem access to workspace folders only
• Monitor GitHub Copilot usage for suspicious activities
• Implement additional security measures to detect and prevent indirect prompt injection attacks
• Consult official GitHub documentation and security advisories for further guidance

Evidence notes

The CVE-2025-66389 record indicates that GitHub Copilot 1.372.0 is vulnerable to filesystem access outside of a workspace folder. Evidence from the source item (nvd_modified) and references (blindcyber.com, github.com/microsoft/vscode-copilot-chat, github.com/microsoft/vscode) supports this finding. Users should verify their GitHub Copilot version and review configurations to ensure security.

Official resources