Vulnerability Details CVE-2025-66389
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-66389
-
cpe:2.3:a:microsoft:github_copilot:1.372.0