THREAT OPS › Threat News › Amazon Q Developer: Remote Code Execution with Prompt Injection
Amazon Q Developer: Remote Code Execution with Prompt Injection
<a id="top_ref"></a>
<p>The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over <a href="https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscode">1 million downloads</a>.</p> <p>The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that allowed an adversary (or also the AI for that matte
Indicators of compromise
- CVE-2025-53773cve
- https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.amazon-q-vscodeurl