Overview
CVE-2025-66411 is a high-severity vulnerability affecting Coder, a platform used for provisioning remote development environments via Terraform. This vulnerability allows unauthorized access to sensitive information due to the logging of Workspace Agent manifests containing sensitive values in plaintext. This issue can be exploited by attackers with limited local access to a Coder Workspace or third-party systems with access to the logs.
Technical Details
The vulnerability stems from the fact that Workspace Agent manifests, which may contain sensitive data like API keys, passwords, or other credentials, were being logged in plaintext without proper sanitization. An attacker gaining access to these logs, whether through local access to the Coder Workspace (VM, Kubernetes Pod, etc.) or via access to a SIEM or logging stack, could potentially compromise the entire development environment and any systems using those credentials.
The vulnerability has been addressed in Coder versions 2.26.5, 2.27.7, and 2.28.4 by implementing proper sanitization of Workspace Agent manifests before logging.
CVSS Analysis
- Severity: HIGH
- CVSS Score: 7.8
A CVSS score of 7.8 indicates a high-severity vulnerability. While the attack requires some level of access (local or logging infrastructure), the potential impact of a successful exploit is significant.
Possible Impact
A successful exploit of CVE-2025-66411 could lead to:
- Data Breach: Exposure of sensitive credentials (API keys, passwords) stored within the Workspace Agent manifests.
- Lateral Movement: Compromised credentials could be used to gain access to other systems and resources within the organization’s network.
- Code Injection: Malicious code could be injected into the development environment.
- Service Disruption: Attackers could disrupt the operation of Coder workspaces.
Mitigation and Patch Steps
The recommended mitigation is to upgrade Coder to one of the following patched versions:
- Coder version 2.26.5 or later
- Coder version 2.27.7 or later
- Coder version 2.28.4 or later
If upgrading is not immediately possible, review your logging configurations and ensure that access to logs containing Coder Workspace Agent manifests is strictly controlled and monitored.
