PT-2025-48989 · Coder · Coder

Published: 2025-12-03 · Updated: 2025-12-15 · CVE-2025-66411

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Coder versions prior to 2.26.5
Coder versions prior to 2.27.7
Coder versions prior to 2.28.4

Description

Coder enables organizations to set up remote development environments using Terraform. Before versions 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests with sensitive data were recorded in logs as plain text without proper sanitization. An attacker with limited local access to the Coder Workspace (VM, K8s Pod, etc.) or a third-party system (SIEM, logging stack) could potentially gain access to these logs.

Recommendations

Update to Coder version 2.26.5 or later.
Update to Coder version 2.27.7 or later.
Update to Coder version 2.28.4 or later.

Exploit

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

CVE-2025-66411
GHSA-JF75-P25M-PW74
GO-2025-4182
SUSE-SU-2025:4395-1

Affected Products

Coder