Home > Vulnerability Database > CVE-2025-8217

Mend.io Vulnerability Database

CVE-2025-8217

Good to know:

Date: July 29, 2025

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI. To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.

Severity Score

4.0

Related Resources (5)

Url: https://github.com/aws/aws-toolkit-vscode/releases/tag/amazonq%2Fv1.85.0

Url: https://github.com/aws/aws-toolkit-vscode/security/advisories/GHSA-7g7f-ff96-5gcw

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-8217

Url: https://aws.amazon.com/security/security-bulletins/AWS-2025-015/

Url: https://www.mend.io/vulnerability-database/CVE-2025-8217

Severity Score

4.0

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

Top Fix

Upgrade Version

Upgrade to version https://github.com/aws/aws-toolkit-vscode.git - v1.85.0

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-8217

Good to know:

Date: July 29, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?