CVE-2025-59157

Critical CVSS: 9.9

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member user can exploit this vulnerability. Version 4.0.0-beta.420.7 contains a patch for the issue.

Vendor

Coollabs

Product

Coolify

CWE

CWE-78

Yayın Tarihi

2026-01-05 18:15:43

Güncelleme

2026-01-12 15:02:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Coolify CRITICAL Coollabs 2026

Referanslar

https://github.com/coollabsio/coolify/security/advisories/GHSA-5cg9-38qj-8mc3

Benzer Kayıtlar

Medium

CVE-2025-64422

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting…

High

CVE-2025-64423

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64424

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

High

CVE-2025-64425

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…

Critical

CVE-2025-64420

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…