PT-2025-36355 · Coder · Coder
Johnstcn
·
Published
2025-09-06
·
Updated
2025-09-06
·
CVE-2025-58437
8.1
High
CVSS base vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Coder versions 2.22.0 through 2.24.3
Coder versions 2.25.0 and 2.25.1
Description:
Coder allows organizations to provision remote development environments via Terraform. In affected versions, session handling for prebuilt workspaces is insecure. Coder automatically generates a session token for the workspace owner when a workspace is started and exposes it to the template through the Terraform attribute `coder_workspace_owner.session_token`. For a prebuilt workspace, that owner is the prebuilds system user. When the prebuilt workspace is claimed, a new session token is generated for the claiming user, but the session token previously issued to the prebuilds system user is not expired. Workspace templates that persist this automatically generated token inside the workspace (for example by writing it to a file or an environment variable during startup) are affected: a process in the claimed workspace can still read the prebuilds user's token and act as that user. Because the prebuilds system user owns every other unclaimed prebuilt workspace, this can lead to privilege escalation and cross-workspace compromise.
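The token lifecycle the description refers to, as an added illustrative model: this is not Coder's code, and the store, the `prebuilds` owner name, the workspace names and the `revokeOld` switch are assumptions made for the example. It issues a token to the prebuilds user at prebuild start, persists it in the workspace as an affected template would, then claims the workspace for a real user and checks whether the leftover token still authenticates and still reaches another unclaimed prebuild.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// PrebuildsUser stands in for the prebuilds system user that owns a
// workspace before it is claimed (name assumed for this model).
const PrebuildsUser = "prebuilds"

// Token is a session token as this simplified model tracks it.
type Token struct {
	Owner     string
	Workspace string
	Expired   bool
}

// Store keeps issued tokens by secret value, the current owner of each
// workspace, and the token each workspace persisted at start (the
// pattern the advisory warns about).
type Store struct {
	tokens    map[string]*Token
	owners    map[string]string // workspace -> current owner
	persisted map[string]string // workspace -> token baked into it at start
}

func NewStore() *Store {
	return &Store{
		tokens:    map[string]*Token{},
		owners:    map[string]string{},
		persisted: map[string]string{},
	}
}

// issue mints a random session token bound to owner and workspace.
func (s *Store) issue(owner, workspace string) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	secret := hex.EncodeToString(b)
	s.tokens[secret] = &Token{Owner: owner, Workspace: workspace}
	return secret
}

// StartPrebuild starts a workspace on behalf of the prebuilds user and
// persists the generated token inside it, as a template that writes
// coder_workspace_owner.session_token to disk would.
func (s *Store) StartPrebuild(workspace string) string {
	s.owners[workspace] = PrebuildsUser
	t := s.issue(PrebuildsUser, workspace)
	s.persisted[workspace] = t
	return t
}

// Claim hands the prebuilt workspace to user and issues them a new token.
// revokeOld=false models the affected versions (the prebuilds user's token
// survives the claim); revokeOld=true models the fixed behaviour.
func (s *Store) Claim(workspace, user string, revokeOld bool) string {
	if revokeOld {
		for _, t := range s.tokens {
			if t.Workspace == workspace && t.Owner == PrebuildsUser {
				t.Expired = true
			}
		}
	}
	s.owners[workspace] = user
	return s.issue(user, workspace)
}

// PersistedToken is what a process inside the claimed workspace can still
// read from the persisted location.
func (s *Store) PersistedToken(workspace string) string {
	return s.persisted[workspace]
}

// Authenticate resolves a token to its owner, rejecting expired tokens.
func (s *Store) Authenticate(secret string) (string, error) {
	t, ok := s.tokens[secret]
	if !ok || t.Expired {
		return "", errors.New("invalid or expired session token")
	}
	return t.Owner, nil
}

// CanAccess reports whether the token's owner currently owns workspace.
func (s *Store) CanAccess(secret, workspace string) bool {
	owner, err := s.Authenticate(secret)
	return err == nil && owner == s.owners[workspace]
}

// Scenario runs prebuild -> claim and returns who the leftover persisted
// token authenticates as ("" if rejected) and whether it still reaches a
// second, unclaimed prebuild (the cross-workspace case).
func Scenario(revokeOld bool) (string, bool) {
	s := NewStore()
	s.StartPrebuild("ws-1")
	s.StartPrebuild("ws-2") // still owned by the prebuilds user after the claim
	s.Claim("ws-1", "alice", revokeOld)
	leftover := s.PersistedToken("ws-1")
	owner, err := s.Authenticate(leftover)
	if err != nil {
		owner = ""
	}
	return owner, s.CanAccess(leftover, "ws-2")
}

func main() {
	o, cross := Scenario(false)
	fmt.Printf("affected: leftover token owner=%q reaches ws-2=%v\n", o, cross)
	o, cross = Scenario(true)
	fmt.Printf("fixed:    leftover token owner=%q reaches ws-2=%v\n", o, cross)
}
```

The relevant check for a template author is the third step: if anything in the template copies the owner session token into the workspace image, filesystem or environment, the leftover token is reachable after the claim, and only expiring it on claim (the `revokeOld` branch here) closes the path.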
Recommendations:
Update to Coder version 2.24.4 or 2.25.2. Until the upgrade is applied, review workspace templates that persist the owner session token, since only those are exposed.
Tags: Fix available · LPE · Insufficient Session Expiration (CWE-613)
References (12):
- https://nvd.nist.gov/vuln/detail/CVE-2025-58437 · Security Note
- https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp · Advisory
- https://github.com/coder/coder/pull/19669 · Pull request
- https://github.com/coder/coder/pull/19667 · Pull request
- https://github.com/coder/coder/pull/19668 · Pull request
- https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276 · Commit
- https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a · Commit
- https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0 · Commit
- https://t.me/CVEtracker/31849 · Telegram Post
- https://twitter.com/CVEnew/status/1964195394960920966 · Twitter Post
- https://twitter.com/cypmsecnews/status/1964179681025880463 · Twitter Post
- https://t.me/canyoupwnme/6922 · Telegram Post