Coder

2 CVEs product

CVE-2025-66411 HIGH POC PATCH This Week

Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged unsanitized, in plaintext. An attacker with limited local access to the Coder Workspace (VM, K8s Pod, etc.) or to a third-party system that receives the logs (SIEM, logging stack) could access those logs. This vulnerability is fixed in 2.26.5, 2.27.7, and 2.28.4.

Kubernetes Information Disclosure Coder Suse
NVD GitHub
CVSS 3.1: 7.8
EPSS: 0.0%

CVE-2025-58437 HIGH POC PATCH This Week

Coder allows organizations to provision remote development environments via Terraform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.

Hashicorp Information Disclosure Coder Suse
NVD GitHub
CVSS 3.1: 8.1
EPSS: 0.0%
