28 matches found
CVE-2025-22610
Summary: CVE-2025-22610 affects Coolify prior to 4.0.0-beta.361, where missing authorization lets any authenticated user fetch and modify the global OAuth configuration, exposing the OAuth client ID and client secret for every custom provider. Affected component/flow: global Coolify OAuth configu...
CVE-2025-22605
CVE-2025-22605 affects Coolify prior to 4.0.0-beta.253, where an authenticated user can execute arbitrary commands in the local Coolify container due to a vulnerability in remote command execution. This could lead to data and private keys/tokens exposure, and the ability to modify running softwar...
CVE-2025-22609
Coolify (open-source self-hosted) is affected for all versions prior to 4.0.0-beta.361. The issue is a missing authorization that allows any authenticated user to attach an existing private key from a Coolify instance to their own server. If the attacker’s target server configuration (IP/domain, ...
CVE-2025-22608
Coolify (before 4.0.0-beta.361) suffers from missing authorization that lets any authenticated user revoke arbitrary team invitations by providing a predictable, incrementing ID, enabling Denial of Service. A patch is available in 4.0.0-beta.361. The issue’s description across multiple sources co...
CVE-2025-22612
CVE-2025-22612 affects Coolify prior to 4.0.0-beta.374. The issue is due to missing authorization, allowing an authenticated user to retrieve private keys in plain text and, if the victim’s server configuration (IP/domain, port, user) matches, to execute arbitrary commands on the remote server. V...
CVE-2025-22611
Coolify before 4.0.0-beta.361 is affected by an elevation of privilege due to missing authorization, allowing any authenticated user to escalate privileges to any role (including owner) and remove other members (admins/owners). This also enables access to the Terminal feature to execute remote co...
CVE-2025-24025
CVE-2025-24025 affects Coolify versions prior to 4.0.0-beta.380. The issue arises on the tags search page: when a search yields no results, the query is reflected in the error modal, resulting in a cross-site scripting (XSS) vulnerability. The root cause is the reflective handling of user input o...
CVE-2025-22607
CVE-2025-22607 concerns Coolify. Before 4.0.0-beta.361, an authenticated user could fetch the details page for any GitHub/GitLab configuration by knowing only the UUID, exposing the client id , client secret , and webhook secret . The issue is fixed in version 4.0.0-beta.361 . Connected sources c...
CVE-2025-22606
CVE-2025-22606 describes a command-injection vulnerability in Coolify caused by unsafely handling project names in versions up to 4.0.0-beta.358 (likely earlier). An attacker with access to project management could inject arbitrary shell commands by including unescaped characters (e.g., a single ...
CVE-2025-34161
CVE-2025-34161 affects Coolify versions prior to v4.0.0-beta.420.7. A remote code execution flaw exists in the project deployment workflow: authenticated users with low privileges can inject arbitrary shell commands through the Git Repository field during project creation, leading to arbitrary co...
CVE-2025-34159
CVE-2025-34159 affects Coolify
CVE-2025-64424
CVE-2025-64424 affects Coolify up to v4.0.0-beta.434, enabling a low-privileged user to run commands as root via a command-injection in the git source input fields of a resource. Several connected sources corroborate the vulnerability class and affected components; remediation notes indicate fixe...
CVE-2025-66213
CVE-2025-66213 affects Coolify prior to 4.0.0-beta.451, where the File Storage Directory Mount Path feature chains an un-sanitized file_storage_directory_source parameter into shell commands. This authenticated vulnerability lets users with application/service management permissions run arbitrary...
CVE-2025-34157
CVE-2025-34157 concerns Coolify. A stored XSS in the project-creation workflow affects versions prior to 4.0.0-beta.420.6. An authenticated user with low privileges can craft a project name containing JavaScript, which when an administrator deletes the project executes in the admin context, enabl...
CVE-2025-64425
CVE-2025-64425 affects Coolify up to v4.0.0-beta.434. The vulnerability arises in the password reset flow where an attacker can modify the host header of the request. The victim receives a reset email containing a link to the attacker’s host; when the user clicks it, the reset token is sent to th...
CVE-2025-59156
CVE-2025-59156 affects Coolify prior to version 4.0.0-beta.420.7, where a remote command injection flaw in the application deployment workflow allows a low-privileged user to inject arbitrary Docker Compose directives. By defining a malicious service that mounts the host filesystem, an attacker c...
CVE-2025-66210
CVE-2025-66210 (Coolify) : An authenticated command-injection in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The issue arises because database names passed to shell commands during import ...
CVE-2025-64423
Coolify CVE-2025-64423 affects the Web UI: in versions up to and including 4.0.0-beta.434, a low-privileged member can see and use admin invitation links, allowing login as an administrator if used before the legitimate recipient, i.e., privilege escalation. The Red Hat/NVD entries corroborate th...
CVE-2025-64422
CVE-2025-64422 affects Coolify 4.0.0-beta.434 and later. The /login endpoint advertises a rate limit of 5 requests but can be bypassed by rotating the X-Forwarded-For header, enabling unlimited credential stuffing and brute-force attempts against user and admin accounts. The available connected s...
CVE-2025-66212
CVE-2025-66212 (Coolify) is an authenticated command injection affecting Coolify before 4.0.0-beta.451. The vulnerability lies in Dynamic Proxy Configuration Filename handling, where proxy filenames are passed to shell commands without escaping, enabling arbitrary commands to run with root privil...
CVE-2025-64421
CVE-2025-64421 affects Coolify up to version 4.0.0-beta.434. A low-privileged user (member) can invite a high-privileged user by triggering a double-invite process, thereby granting themselves administrator access. After being invited, the attacker can perform a password reset to log in as admin....
CVE-2025-66209
CVE-2025-66209 affects Coolify (open‑source self‑hosted platform for managing servers, apps, and databases). The authenticated command injection vulnerability exists prior to 4.0.0-beta.451 in the Database Backup functionality, where database names are passed to shell commands without sanitizatio...
CVE-2025-66211
CVE-2025-66211 affects Coolify prior to 4.0.0-beta.451. An authenticated command injection in PostgreSQL Init Script Filename handling allows users with application/service management permissions to run arbitrary commands as root on managed servers. Shell commands receive unvalidated PostgreSQL i...
CVE-2025-59157
CVE-2025-59157 – Coolify Git Repository RCE . Multiple sources describe a command-injection flaw in Coolify prior to 4.0.0-beta.420.7, triggered by unsanitized input in the Git Repository field during project creation/deployment workflows. The issue allows an attacker with regular member privileg...
CVE-2025-59158
CVE-2025-59158 affects Coolify, a self-hosted application management platform. Version scope: vulnerable when using versions up to and including v4.0.0-beta.420.6; a stored cross-site scripting (XSS) flaw exists in the project creation workflow. An authenticated user with low privileges (e.g., me...
CVE-2025-59955
Coolify (versions ≤ 4.0.0-beta.420.8) has an information disclosure in /api/v1/teams/{team_id}/members and /api/v1/teams/current/members, allowing authenticated team members to access the email_change_code of other users on the same team. This code is intended for single-use email-change verifica...
CVE-2025-64420
CVE-2025-64420 affects Coolify before/including v4.0.0-beta.434, where low-privilege users could view the root user’s private key on the instance, enabling SSH access as root. Public sources consistently describe this as an information-disclosure flaw that directly facilitates privileged access. ...
CVE-2025-64419
CVE-2025-64419 affects Coolify prior to 4.0.0-beta.445. The vulnerability arises from unsanitized docker-compose.yaml parameters used in commands, enabling a remote attacker to run commands as root on the Coolify instance if a victim creates an application from an attacker repository (build pack ...