GitHub Copilot Chat Vulnerability (CVE-2025-59145) Exposes Sensitive Data in AI-Assisted Development
A high-severity vulnerability in GitHub Copilot Chat, tracked as CVE-2025-59145 (CVSS 9.6), was recently disclosed, allowing attackers to exfiltrate sensitive data including source code, API keys, and cloud secrets from private repositories without executing malicious code.
Dubbed "CamoLeak," the exploit leveraged GitHub’s invisible markdown comment syntax to embed hidden instructions, tricking the AI into leaking data under the guise of legitimate queries. The attack underscores a critical risk in AI-assisted development: tools like Copilot inherit the permissions of the user, meaning their security depends entirely on the data they process.
The flaw highlights the need for stricter secrets management and monitoring of outbound network requests in AI-driven workflows. No evidence suggests the vulnerability was actively exploited before disclosure, but its potential impact on organizations using AI-assisted coding tools is significant.
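As an added defensive illustration (not code from the page, from GitHub, or from the CamoLeak disclosure), the check below flags the two things the advice above points at before untrusted markdown is handed to an AI assistant: HTML-style comments, which GitHub renders invisibly, and image embeds that would cause an outbound fetch to a host outside an allow-list. The sample PR body, the hosts and the function names are constructed for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple
from urllib.parse import urlparse

# HTML-style comments: GitHub renders them invisibly, so a human reviewer never sees
# the text, but an assistant that reads the raw markdown does.
HIDDEN_COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Markdown image embeds: rendering one makes a client fetch the URL (an outbound request).
IMAGE_RE = re.compile(r"!\[[^\]]*\]\(\s*(https?://[^\s)]+)")


@dataclass
class ScanResult:
    hidden_comments: List[str] = field(default_factory=list)  # text hidden from the rendered view
    external_images: List[str] = field(default_factory=list)  # fetches to hosts outside the allow-list
    cleaned: str = ""                                          # markdown with hidden comments stripped


def scan_untrusted_markdown(text: str, allowed_hosts: Tuple[str, ...] = ("github.com",)) -> ScanResult:
    """Flag hidden comments and off-allow-list image fetches in markdown destined for an
    AI assistant, and return a copy with the hidden comments removed.
    Constructed defensive check for this example; not GitHub's own code."""
    result = ScanResult()
    result.hidden_comments = [m.group(1).strip() for m in HIDDEN_COMMENT_RE.finditer(text)]
    for m in IMAGE_RE.finditer(text):
        url = m.group(1)
        host = (urlparse(url).hostname or "").lower()
        if not any(host == h or host.endswith("." + h) for h in allowed_hosts):
            result.external_images.append(url)
    result.cleaned = HIDDEN_COMMENT_RE.sub("", text)
    return result


# Constructed sample of a raw PR description. A reviewer of the rendered page sees only
# the first line and the two images; the comment text is invisible to them.
SAMPLE_PR_BODY = """Small refactor of the config loader, no functional change.
<!-- text placed here is invisible in the rendered view but visible to an assistant reading the raw body -->
![build status](https://example.invalid/status.png)
![logo](https://github.com/example-org/logo.png)
"""

if __name__ == "__main__":
    r = scan_untrusted_markdown(SAMPLE_PR_BODY)
    print("hidden comments :", r.hidden_comments)
    print("external images :", r.external_images)
```

Hits from a check like this are review signals, not proof of an attack; the point is that content the human never sees, and fetches the human never initiated, are surfaced before the assistant acts on them with the user's permissions.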
Source: https://www.linkedin.com/feed/update/urn:li:activity:7448539837890080768
GitHub cybersecurity rating report: https://www.rankiteo.com/company/github
{
  "id": "GIT1775874294",
  "linkid": "github",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
  "affected_entities": [
    {
      "customers_affected": "Organizations and developers using GitHub Copilot Chat",
      "industry": "Software Development / Cloud Services",
      "name": "GitHub (Microsoft)",
      "type": "Technology Company"
    }
  ],
  "attack_vector": "AI-Assisted Development Tool (GitHub Copilot Chat)",
  "data_breach": {
    "data_exfiltration": true,
    "sensitivity_of_data": "High",
    "type_of_data_compromised": ["Source code", "API keys", "Cloud secrets"]
  },
  "description": "A high-severity vulnerability in GitHub Copilot Chat, tracked as CVE-2025-59145 (CVSS 9.6), was recently disclosed, allowing attackers to exfiltrate sensitive data including source code, API keys, and cloud secrets from private repositories without executing malicious code. Dubbed 'CamoLeak,' the exploit leveraged GitHub’s invisible markdown comment syntax to embed hidden instructions, tricking the AI into leaking data under the guise of legitimate queries. The attack underscores a critical risk in AI-assisted development: tools like Copilot inherit the permissions of the user, meaning their security depends entirely on the data they process.",
  "impact": {
    "brand_reputation_impact": "Potential significant impact on organizations using AI-assisted coding tools",
    "data_compromised": "Source code, API keys, cloud secrets",
    "systems_affected": "GitHub Copilot Chat"
  },
  "lessons_learned": "The flaw highlights the need for stricter secrets management and monitoring of outbound network requests in AI-driven workflows.",
  "post_incident_analysis": {
    "root_causes": "Invisible markdown comment syntax abuse in GitHub Copilot Chat, allowing hidden instructions to trick the AI into leaking data."
  },
  "recommendations": "Implement stricter secrets management and monitor outbound network requests in AI-assisted development tools.",
  "title": "GitHub Copilot Chat Vulnerability (CVE-2025-59145) Exposes Sensitive Data in AI-Assisted Development",
  "type": "Data Exfiltration",
  "vulnerability_exploited": "CVE-2025-59145 (Invisible Markdown Comment Syntax Abuse)"
}