CVE-2025-60925 – codeshare v1.0.0 contains an information leakag... (How to Fix)

Q: What is the severity of CVE-2025-60925?

CVE-2025-60925 has a CVSS score of 5.3 (MEDIUM). codeshare v1.0.0 contains an information leakage vulnerability that allows unauthorized access to users' full collaboration history. This affects all users of codeshare v1.0.0 who have shared code snippets or collaborated on the platform.

📋 TL;DR

codeshare v1.0.0 contains an information leakage vulnerability that allows unauthorized access to users' full collaboration history. This affects all users of codeshare v1.0.0 who have shared code snippets or collaborated on the platform.

💻 Affected Systems

Products:

codeshare

Versions: v1.0.0

Operating Systems: all

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of codeshare v1.0.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive code, intellectual property, credentials, or proprietary algorithms from all users' historical sessions, leading to data breaches and competitive advantage loss.

🟠

Likely Case

Unauthorized users can view previously shared code snippets, collaboration history, and potentially sensitive information left in code comments or variables.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized viewing of non-sensitive historical collaboration data.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The Medium article demonstrates exploitation techniques, and the vulnerability requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: none

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative code collaboration platforms or implementing custom security controls.

🔧 Temporary Workarounds

Disable public access

all

Restrict codeshare instance to internal network only

Configure firewall rules to block external access to codeshare port

Implement reverse proxy with authentication

linux

Place codeshare behind authentication proxy

nginx or apache configuration with basic auth or OAuth

🧯 If You Can't Patch

Monitor access logs for unusual pattern of history viewing requests
Implement network segmentation to isolate codeshare from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check if running codeshare v1.0.0 by examining package version or application metadata

Check Version:

Check package.json or application configuration for version information

Verify Fix Applied:

Test if unauthorized users can access other users' collaboration history via API endpoints

📡 Detection & Monitoring

Log Indicators:

Multiple GET requests to /api/history endpoints from single IP
Unauthorized access attempts to user collaboration data

Network Indicators:

Unusual volume of API calls to history endpoints
External IPs accessing collaboration history APIs

SIEM Query:

source="codeshare" AND (uri_path="/api/history" OR uri_path="/api/collaboration") AND status=200 AND user="anonymous"

📊 Metadata

CVE ID: CVE-2025-60925

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200

Published: November 4, 2025

Last Updated: February 5, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

https://gist.github.com/XERXES-OG/8fa5e75604e1d0c908cff3f85251c6b1 Third Party Advisory
https://medium.com/@ashutoshhwork/accessing-full-history-of-codeshare-io-users-432315083930 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60925, you might also want to check these: