GitHub Copilot RCE Vulnerability via Prompt Injection Enables Full System Compromise
gbhackersA critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection techniques.
The vulnerability, tracked as CVE-2025-53773, was patched by Microsoft in the August 2025 Patch Tuesday release following responsible disclosure by security researchers.
Vulnerability Mechanics and Attack Vector
The vulnerability exploits GitHub Copilot’s ability to modify project files without user approval, specifically targeting the .vscode/settings.json configuration file.
By injecting malicious prompts into source code files, web pages, or GitHub issues, attackers can manipulate Copilot into adding the line “chat.tools.autoApprove”: true to the settings file, effectively placing the AI assistant into “YOLO mode”.
| Attribute | Details |
| CVE ID | CVE-2025-53773 |
| Severity | Important (CVSS 7.8/6.8) |
| Impact | Remote Code Execution |
| Vector | Local/Low Complexity/No Privileges Required |
| Weakness | CWE-77: Command Injection |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE