CVE-2025-53375

Medium CVSS: 4.9

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable files containing credentials and secrets). This may lead to full compromise of other services or lateral movement. This vulnerability is fixed in 0.23.7.

Vendor

Dokploy

Product

Dokploy

CWE

CWE-22

Yayın Tarihi

2025-07-07 16:15:25

Güncelleme

2025-09-29 13:55:34

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Dokploy MEDIUM Dokploy 2025

Referanslar

https://github.com/Dokploy/dokploy/commit/e42f6bc61050cd438726921fced64477cbf8f8e6 https://github.com/Dokploy/dokploy/security/advisories/GHSA-vq94-qm94-mxp6

Benzer Kayıtlar

Medium

CVE-2026-24839

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is…

High

CVE-2026-24840

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in th…

Critical

CVE-2026-24841

Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection…

Critical

CVE-2025-53825

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deplo…

Low

CVE-2025-53374

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications an…

Medium

CVE-2025-53376

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications an…