Overview
A significant cybersecurity vulnerability, CVE-2025-58437, has been detected in the platform Coder, which is widely used by organizations to provision remote development environments via Terraform. The vulnerability exists in versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1 of the software. This flaw exposes systems to potential compromise and data leakage, thereby posing a serious threat to the security of users and organizations. Given the extent of Coder’s usage, this vulnerability is of substantial concern and demands immediate attention.
Vulnerability Summary
CVE ID: CVE-2025-58437
Severity: Critical, CVSS score 8.1
Attack Vector: Network
Privileges Required: Low
User Interaction: None
Impact: System compromise or data leakage
Affected Products
Share secrets securely
Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.
Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.
- • Encrypted identity
- • Private Spaces for organizations and teams
- • End-to-end encrypted chat, calls, files, and notes
- • Sensitive AI work and protected collaboration
- • Built for information that cannot leak
Our mission is to secure human work alongside AI.
Product | Affected Versions
Coder | 2.22.0 – 2.24.3
Coder | 2.25.0 – 2.25.1
How the Exploit Works
The vulnerability arises from insecure session handling in Coder’s prebuilt workspaces. When a workspace is started, Coder generates a session token for the user, which is exposed via coder_workspace_owner.session_token. Prebuilt workspaces, owned by a built-in prebuilds system user, can be claimed by a different user. However, when a workspace is claimed, the previous session token for the prebuilds user is not expired, making it an exploitable vulnerability. Any Coder workspace templates that persist this automatically generated session token are potentially impacted.
Conceptual Example Code
Let’s illustrate this with a conceptual example. Suppose an attacker has somehow gained access to the prebuilds user’s session token. The attacker could then use this token in the following way:
GET /coder_workspace/ HTTP/1.1
Host: vulnerable-coder.com
Authorization: Bearer {prebuilds-user-session-token}
{ "workspace_id": "..." }In this example, the attacker uses the prebuilds user’s session token to gain unauthorized access to the workspace data. This could potentially lead to data leakage or a system compromise.
Please remember, this is a conceptual example and not an actual exploit.
Mitigation
The vulnerability is fixed in versions 2.24.4 and 2.25.2 of Coder. Therefore, users are strongly recommended to update their software to these versions immediately. As a temporary mitigation measure, users can apply a vendor patch or use Web Application Firewall (WAF) and Intrusion Detection Systems (IDS). Still, the most secure solution is to update to the patched versions of the software.