CVE-2025-34159

Critical CVSS: 9.4

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server.

Vendor

Coollabs

Product

Coolify

CWE

CWE-20

Yayın Tarihi

2025-08-27 17:15:38

Güncelleme

2025-09-19 16:44:12

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-20 Coolify CRITICAL Coollabs 2025

Referanslar

https://coolify.io/ https://github.com/Eyodav/CVE-2025-34159 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7

Benzer Kayıtlar

Medium

CVE-2025-64422

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting…

High

CVE-2025-64423

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64424

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

High

CVE-2025-64425

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…

Critical

CVE-2025-64420

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…