CVE-2025-24042
Published: 11 February 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability, identified as CVE-2025-24042, affects the JavaScript Debug extension for Visual Studio Code. Published on 2025-02-11, it carries a CVSS v3.1 score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H), stemming from CWE-284 (Improper Access Control). The flaw enables privilege escalation within the extension's debugging functionality.
A local attacker with low privileges can exploit this by convincing a user to interact with a malicious debug configuration or file in Visual Studio Code, such as during a debugging session. Exploitation grants elevated privileges, allowing high-impact unauthorized access to confidential data, modification of system integrity, and disruption of availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24042 details the issue and urges updating the JS Debug extension to the patched version through the Visual Studio Code marketplace.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE explicitly describes an elevation of privilege vulnerability (CWE-284) in the JS Debug extension that allows a local attacker to gain elevated privileges via malicious debug configuration, directly mapping to Exploitation for Privilege Escalation.