CVE-2025-66389
HighCVSS 7.5Exploitation Probability (EPSS)
Elevated risk54th percentile - higher than 54% of all known CVEs
Summary
A vulnerability in GitHub Copilot 1.372.0 allows filesystem access outside the workspace folder without user approval via a file-handler URI parameter in fetch_webpage. This could lead to data exfiltration if combined with indirect prompt injection.
Risk Assessment
The risk involves unauthorized file reads beyond the workspace, which, when paired with prompt injection attacks, could result in theft of sensitive organizational data.
Recommendation
Immediately update GitHub Copilot to a version newer than 1.372.0 and implement URI validation mechanisms in the fetch_webpage function.
Original NVD description (English source)
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.

