CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a Coolify instance in plain text. If the server configuration of IP ...
CVE-2025-22612
CVE-2025-22612 affects Coolify prior to 4.0.0-beta.374. The issue is due to missing authorization, allowing an authenticated user to retrieve private keys in plain text and, if the victim’s server configuration (IP/domain, port, user) matches, to execute arbitrary commands on the remote server. V...
CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, including the owner role. He's also able t...
CVE-2025-22611
Coolify before 4.0.0-beta.361 is affected by an elevation of privilege due to missing authorization, allowing any authenticated user to escalate privileges to any role (including owner) and remove other members (admins/owners). This also enables access to the Terminal feature to execute remote co...
CVE-2025-22609 Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a Coolify instance to his own server. If the server configuration of I...
CVE-2025-22609
Coolify (open-source self-hosted) is affected for all versions prior to 4.0.0-beta.361. The issue is a missing authorization that allows any authenticated user to attach an existing private key from a Coolify instance to their own server. If the attacker’s target server configuration (IP/domain, ...
PT-2025-4597 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361 Description: The issue allows any authenticated user to escalate their or other team members' privileges to any role, including the owner role. This also enables the attacker to kick every other member...
PT-2025-4598 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.374 Description: The issue allows an authenticated user to retrieve any existing private keys on a Coolify instance in plain text due to missing authorization. If the server configuration of IP/domain, por...
Coolify Security Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a victim's server...
SonicWall SMA 1000 Series < 12.4.3-02854 Pre-authentication Remote Command Execution (SNWLID-2025-0002)
The remote host is a SonicWall SMA 1000 Series device that may be affected by a pre-authentication remote command execution vulnerability: - Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Managemen...
A vulnerability in the sub_422eb8 function of the Linksys E8450 Wi-Fi router firmware allows an attacker to execute arbitrary commands.
A vulnerability in the sub_422eb8 function of the Linksys E8450 Wi-Fi router firmware stems from a lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the kubelet utility, a management tool for clusters of virtual machines in Kubernetes, on Windows operating systems allows an attacker to execute arbitrary commands.
A vulnerability in the kubelet utility of the Kubernetes cluster management software on Windows operating systems stems from a lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
SonicWall SMA1000 Appliances Deserialization Vulnerability
SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...
Vulnerability fixed in SonicWall SMA1000 Appliance
SonicWall has fixed a vulnerability in the SMA1000 Appliance Management Console and Central Management Console. The vulnerability is located in the SMA1000 Appliance Management Console and Central Management Console, which allows remote, unauthenticated attackers to execute arbitrary OS commands...
CVE-2025-23006
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...