
"Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated user with database backup permissions to execute arbitrary commands on the host server, resulting in container escape and full server compromise"
"CVE-2025-66210 (CVSS score: 10.0) - An authenticated command injection vulnerability in the database import functionality allows attackers to execute arbitrary commands on managed servers, leading to full infrastructure compromise CVE-2025-66211 (CVSS score: 10.0) - A command injection vulnerability in the PostgreSQL init script management allows authenticated users with database permissions to execute arbitrary commands as root on the server CVE-2025-66212 (CVSS score: 10.0) -"
"CVE-2025-66213 (CVSS score: 10.0) - An authenticated command injection vulnerability in the File Storage Directory Mount functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers CVE-2025-64419 (CVSS score: 9.7) - A command injection vulnerability via docker-compose.yaml that enables attackers to execute arbitrary system commands as root on the Coolify instance CVE-2025-64420 (CVSS score: 10.0) -"
Multiple critical vulnerabilities affect Coolify, enabling authenticated or low-privileged users to execute arbitrary commands, disclose private keys, and gain root access. Several command injection flaws exist in the database backup, database import, PostgreSQL init script management, dynamic proxy configuration, and file storage directory mount functionalities; each allows command execution as root or a container escape, and because Coolify runs these operations on the servers it manages, a single injection can extend from the control plane to full server or infrastructure compromise. A further command injection via docker-compose.yaml enables root command execution on the Coolify instance itself. An information disclosure flaw exposes the root user's private SSH key to low-privileged users, permitting unauthorized SSH access as root. All of these flaws are reachable by an authenticated user, so a valid (even low-privileged) account is the only precondition; most carry CVSS scores of 10.0, and one scores 9.7.
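The flaws above share one root cause: a user-supplied value (a database name, a mount path, a compose file field) is interpolated into a shell command string that is then executed on the host or a managed server. The following is an added illustration of that pattern and two ways to close it; it is not Coolify's code, and the backup binary, the `backing up` arguments and the sample inputs are constructed stand-ins (the example uses `echo` in place of a real dump tool so it runs offline).

```python
import re
import shlex
import subprocess

# Constructed stand-in for a real backup binary such as pg_dump. `echo`
# simply reflects its arguments, which is enough to show what the shell
# does with them. Hypothetical, not Coolify's backup code.
BACKUP_TOOL = "echo"

# Allowlist for identifiers that are ever allowed to reach a command line.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def backup_unsafe(db_name: str) -> str:
    """Vulnerable pattern: user-controlled name interpolated into a shell
    string and run with shell=True. A `;`, `$(...)` or backtick in the
    name becomes a second command executed with the caller's privileges."""
    cmd = f"{BACKUP_TOOL} backing up {db_name}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def backup_safe(db_name: str) -> str:
    """Hardened form: validate the identifier against an allowlist and pass
    it as a discrete argv element, so no shell ever parses it."""
    if not SAFE_NAME.fullmatch(db_name):
        raise ValueError(f"invalid database name: {db_name!r}")
    argv = [BACKUP_TOOL, "backing", "up", db_name]
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


def backup_quoted(db_name: str) -> str:
    """When the command must travel as one string (for example to a remote
    shell over SSH), quote every untrusted argument with shlex.quote so the
    shell receives it as a single literal word. Validation is still the
    first line of defence; quoting is the fallback."""
    cmd = f"{BACKUP_TOOL} backing up {shlex.quote(db_name)}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    # Constructed malicious input: a "database name" carrying a second command.
    payload = "prod; echo INJECTED"
    print("unsafe :", repr(backup_unsafe(payload)))   # second command runs
    print("quoted :", repr(backup_quoted(payload)))   # treated as one word
    try:
        backup_safe(payload)
    except ValueError as exc:
        print("safe   : rejected ->", exc)
    print("safe   :", repr(backup_safe("prod_db")))
```

The difference is visible in the output: the unsafe path prints `INJECTED` on its own line because the shell split the string into two commands, the quoted path prints the whole payload as a literal argument, and the validated path never reaches the shell at all. Validation before quoting matters because quoting only protects the shell boundary; a mount path or compose field can still be abused by the tool that consumes it.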
Read at The Hacker News