CVE-2025-58437
BaseFortify

Publication date: 2025-09-06

Last updated on: 2025-10-17

Assigner: GitHub, Inc.

Description
Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via coder_workspace_owner.session_token. Prebuilt workspaces are initially owned by a built-in prebuilds system user. When a prebuilt workspace is claimed, a new session token is generated for the user that claimed the workspace, but the previous session token for the prebuilds user was not expired. Any Coder workspace templates that persist this automatically generated session token are potentially impacted. This is fixed in versions 2.24.4 and 2.25.2.
Meta Information
Published
2025-09-06
Last Modified
2025-10-17
Generated
2026-05-07
AI Q&A
2025-09-06
EPSS Evaluated
2026-05-05
NVD
Affected Vendors & Products
2 associated CPEs
Vendor Product Version / Range
coder coder From 2.22 (inc) to 2.24.4 (exc)
coder coder From 2.25.0 (inc) to 2.25.2 (exc)
CWE
CWE ID Description
CWE-277 A product defines a set of insecure permissions that are inherited by objects that are created by the program.
CWE-613 According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
CWE-279 While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Upgrade Coder to version 2.24.4 or later, or 2.25.2 or later, as these versions contain the fix for the insecure session handling vulnerability in prebuilt workspaces.


Can you explain this vulnerability to me?

This vulnerability in Coder versions 2.22.0 through 2.24.3, 2.25.0, and 2.25.1 involves insecure session handling in prebuilt workspaces. When a workspace is started, Coder generates a session token for the user. Prebuilt workspaces are initially owned by a system user, and when claimed by a user, a new session token is generated but the old token for the system user is not expired. If workspace templates persist this old token, it can be exploited, potentially allowing unauthorized access.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized access to remote development environments by exposing valid session tokens that should have been invalidated. Attackers could use these tokens to impersonate users, access sensitive code or data, and compromise the integrity and confidentiality of development workspaces.

