CVE-2025-34161

Critical CVSS: 9.4

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise.

Vendor

Coollabs

Product

Coolify

CWE

CWE-20

Yayın Tarihi

2025-08-27 17:15:38

Güncelleme

2025-09-19 16:37:02

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-20 Coolify CRITICAL Coollabs 2025

Referanslar

https://coolify.io/ https://github.com/Eyodav/CVE-2025-34161 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7

Benzer Kayıtlar

Medium

CVE-2025-64422

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting…

High

CVE-2025-64423

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64424

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

High

CVE-2025-64425

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…

Critical

CVE-2025-64420

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…