What is CVE-2025-58437?

CVE-2025-58437 is a high-severity vulnerability in Coder, classified under Insufficient Session Expiration. CVSS score: 8.1/10. Published 2025-09-06.

How severe is CVE-2025-58437?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Coder

CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automati…

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Coder — versions >= 2.22.0, < 2.24.4, >= 2.25.0, < 2.25.2

Weakness classification (CWE)

References

https://github.com/coder/coder/security/advisories/GHSA-j6xf-jwrj-v5qp (x_refsource_CONFIRM)
https://github.com/coder/coder/pull/19667 (x_refsource_MISC)
https://github.com/coder/coder/pull/19668 (x_refsource_MISC)
https://github.com/coder/coder/pull/19669 (x_refsource_MISC)
https://github.com/coder/coder/commit/06cbb2890f453cd522bb2158a6549afa3419c276 (x_refsource_MISC)
https://github.com/coder/coder/commit/20d67d7d7191a4fd5d36a61c6fc1e23ab59befc0 (x_refsource_MISC)
https://github.com/coder/coder/commit/ec660907faa0b0eae20fa2ba58ce1733f5f4b35a (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-58437?: CVE-2025-58437 is a high-severity vulnerability in Coder, classified under Insufficient Session Expiration. CVSS score: 8.1/10. Published 2025-09-06.
How severe is CVE-2025-58437?: High severity. CVSS v3 base score is 8.1 out of 10.