CVE-2025-8217 – Amazon Q Developer Visual Studio Code Extension Code Injection Vulnerability

CVE ID : CVE-2025-8217

Published : July 30, 2025, 1:15 a.m. | 2 hours, 13 minutes ago

Description : The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.

To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.

Severity: 4.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…