2 matches found
CVE-2025-22606
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by altering the project name. If a name includes...
CVE-2025-22606
CVE-2025-22606 describes a command-injection vulnerability in Coolify caused by unsafely handling project names in versions up to 4.0.0-beta.358 (likely earlier). An attacker with access to project management could inject arbitrary shell commands by including unescaped characters (e.g., a single ...