AWS Updates - 2025-08-11

AWS Security Bulletins

Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)

• Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
• Published: 2025-08-11

Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT
Updated Date: 2025/07/25 6:00 PM PDT

Description:

Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).

AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.

AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.

We will update this bulletin if we have additional information to share.

Affected version: Amazon Q Developer for Visual Studio Code Extension (version 1.84.0)