CVE-2025-66411
PUBLISHED
CVSS 5.5 MEDIUM
Coder logs sensitive objects unsanitized
EPSS 0.04% · 12.0th percentile
Risk Scores
- CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.04% (12.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | coder/coder/v2 | 2.28.0, 2.27.0, 0 |
| coder | coder | >= 2.28.0, < 2.28.4, >= 2.27.0, < 2.27.7, < 2.26.5 |
Timeline
- Dec 3, 2025 CVE Published
- Dec 3, 2025 PoC Published
- Dec 4, 2025 CVE Updated
- Dec 4, 2025 EPSS Score
- Dec 8, 2025 EPSS Score
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 21, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 8, 2026 EPSS Score
References
- https://github.com/coder/coder/security/advisories/GHSA-jf75-p25m-pw74 url
- https://github.com/coder/coder/commit/e2a46393fce40bc630df3293c1ee66a596277289 url
- https://github.com/coder/coder/releases/tag/v2.26.5 url
- https://github.com/coder/coder/releases/tag/v2.27.7 url
- https://github.com/coder/coder/releases/tag/v2.28.4 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-66411 advisory
- https://github.com/coder/coder/pull/20968 url
- https://github.com/coder/coder/commit/06c6abbe0935f9213c1588add60a396da5762e1c url
- https://github.com/coder/coder/commit/a75205a559211c8aa494b1a16750d114b263f24a url
- https://github.com/coder/coder package