Insecure Session Handling

github.com/coder/coder is vulnerable to Insecure Session Handling. The vulnerability is due to stale session tokens in prebuilt workspaces, allowing attackers to reuse them to gain unauthorized access...

EUVD-2025-27069

Malicious code in bioql PyPI...

SUSE CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

CVE-2025-58437

Coder versions 2.22.0–2.24.3, 2.25.0–2.25.1 are affected by insecure session handling in prebuilt workspaces, exposing a session token via coder_workspace_owner.session_token. In prebuilt workspaces, the prebuilds system user initially owns the workspace; when a workspace is claimed, a new sessio...

CVE-2025-58437 Coder's privilege escalation vulnerability could lead to a cross workspace compromise

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

Coder vulnerable to privilege escalation could lead to a cross workspace compromise

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

GHSA-J6XF-JWRJ-V5QP Coder vulnerable to privilege escalation could lead to a cross workspace compromise

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

PT-2025-36355

Name of the Vulnerable Software and Affected Versions Coder versions 2.22.0 through 2.24.3 Coder versions 2.25.0 and 2.25.1 Description Coder allows organizations to provision remote development environments via Terraform. In affected versions, Coder can be compromised through insecure session...

PT-2025-36626

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...