CVE-2025-66212 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command in…
Critical CVSS: 9.4

CVE-2025-66212

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Proxy configuration filenames are passed to shell commands without proper escaping, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.
Vendor
Coollabs
Product
Coolify
CWE
CWE-78
Yayın Tarihi
2025-12-23 22:15:52
Güncelleme
2026-03-17 17:16:14
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 Coolify CRITICAL Coollabs 2025

Referanslar

https://github.com/0xrakan/coolify-cve-2025-66209-66213 https://github.com/coollabsio/coolify/pull/7375 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451 https://github.com/coollabsio/coolify/security/advisories/GHSA-q7rg-2j7p-83gp https://github.com/coollabsio/coolify/security/advisories/GHSA-q7rg-2j7p-83gp