How severe is CVE-2025-47269?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2025-47269?

This is classified as CWE-441, which is a common weakness in software security.

CVE-2025-47269 - HIGH Severity | CVSS 8.3

Vulnerability Description

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL `https://<code-server>/proxy/[email protected]/path` would be proxied to `[email protected]/path` where the attacker could exfiltrate a user's session token. Any user who runs code-server with the built-in proxy enabled and clicks on maliciously crafted links that go to their code-server instances with reference to /proxy. Normally this is used to proxy local ports, however the URL can reference the attacker's domain instead, and the connection is then proxied to that domain, which will include sending cookies. With access to the session cookie, the attacker can then log into code-server and have full access to the machine hosting code-server as the user running code-server. This issue has been patched in version 4.99.4.

Related Vulnerabilities

CVE-2021-32783

HIGH

CVSS:8.5(High)

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contou...

CWE-4412021

CVE-2019-1841

HIGH

CVSS:8.1(High)

A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnera...

CWE-4412019

CVE-2024-30128

HIGH

CVSS:8.6(High)

HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into...

CWE-4412024

CVE-2023-40111

HIGH

CVSS:7.8(High)

In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privi...

CWE-4412023

CVE-2015-2947

CRITICAL

CVSS:9.1(Critical)

KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.

CWE-4412015

CVE-2019-3924

HIGH

CVSS:7.5(High)

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A...

CWE-4412019