Medium severity4.0NVD Advisory· Published Jul 30, 2025· Updated Apr 15, 2026
CVE-2025-8217
CVE-2025-8217
Description
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI.
To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.84.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.