November 2025 [Kernel Flaws, WSL Priv-esc, and the Agentic AI Developer Risk Frontier]

CVE-2025-62215 is a Windows kernel elevation-of-privilege flaw that is already being exploited in the wild. It requires local access and user interaction.

CVE-2025-62220 is a WSL remote code execution vulnerability. It stems from how RDP handles plugin loading through the /plugin option, where a crafted RDP file loads a malicious msrdc plugin that invokes the vulnerable code to exploit WSL.

CVE-2025-62222 is a high-severity command-injection flaw in Visual Studio Code's CoPilot Chat extension that can run arbitrary code on a developer's machine. Unlike the kernel bug, it isn't exploited in the wild yet.

Engineers typically hold more access than regular users, so weak RBAC or IAM turns an extension compromise into a serious incident. Braunstein recommends workspace trust settings and restricting AI agent extensions, especially on standardized IDEs.

Vet extensions by who builds them and where they come from, not by star count. Braunstein and Lee cite the XZ Utils backdoor as proof that high trust in open source can still hide malicious code injected over time, and that AI-written code often invents functions that don't exist.