CVE-2025-22605

24.01.2025, 15:15

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data and private keys or tokens of other users/teams. The ability to inject malicious commands into the Coolify container gives authenticated attackers the ability to fully retrieve and control the data and availability of the software. Centrally hosted Coolify instances (open registration and/or multiple teams with potentially untrustworthy users) are especially at risk, as sensitive data of all users and connected servers can be leaked by any user. Additionally, attackers are able to modify the running software, potentially deploying malicious images to remote nodes or generally changing its behavior. Version 4.0.0-beta.253 patches this issue.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
coollabs	coolify	4.0.0:beta100
coollabs	coolify	4.0.0:beta101
coollabs	coolify	4.0.0:beta102
coollabs	coolify	4.0.0:beta103
coollabs	coolify	4.0.0:beta104
coollabs	coolify	4.0.0:beta105
coollabs	coolify	4.0.0:beta106
coollabs	coolify	4.0.0:beta107
coollabs	coolify	4.0.0:beta108
coollabs	coolify	4.0.0:beta109
coollabs	coolify	4.0.0:beta110
coollabs	coolify	4.0.0:beta111
coollabs	coolify	4.0.0:beta112
coollabs	coolify	4.0.0:beta113
coollabs	coolify	4.0.0:beta114
coollabs	coolify	4.0.0:beta115
coollabs	coolify	4.0.0:beta116
coollabs	coolify	4.0.0:beta117
coollabs	coolify	4.0.0:beta118
coollabs	coolify	4.0.0:beta119
coollabs	coolify	4.0.0:beta120
coollabs	coolify	4.0.0:beta121
coollabs	coolify	4.0.0:beta122
coollabs	coolify	4.0.0:beta123
coollabs	coolify	4.0.0:beta124
coollabs	coolify	4.0.0:beta125
coollabs	coolify	4.0.0:beta126
coollabs	coolify	4.0.0:beta127
coollabs	coolify	4.0.0:beta128
coollabs	coolify	4.0.0:beta129
coollabs	coolify	4.0.0:beta130
coollabs	coolify	4.0.0:beta131
coollabs	coolify	4.0.0:beta132
coollabs	coolify	4.0.0:beta133
coollabs	coolify	4.0.0:beta134
coollabs	coolify	4.0.0:beta135
coollabs	coolify	4.0.0:beta136
coollabs	coolify	4.0.0:beta137
coollabs	coolify	4.0.0:beta138
coollabs	coolify	4.0.0:beta139
coollabs	coolify	4.0.0:beta140
coollabs	coolify	4.0.0:beta141
coollabs	coolify	4.0.0:beta142
coollabs	coolify	4.0.0:beta143
coollabs	coolify	4.0.0:beta144
coollabs	coolify	4.0.0:beta145
coollabs	coolify	4.0.0:beta146
coollabs	coolify	4.0.0:beta147
coollabs	coolify	4.0.0:beta148
coollabs	coolify	4.0.0:beta149
coollabs	coolify	4.0.0:beta150
coollabs	coolify	4.0.0:beta151
coollabs	coolify	4.0.0:beta152
coollabs	coolify	4.0.0:beta153
coollabs	coolify	4.0.0:beta154
coollabs	coolify	4.0.0:beta155
coollabs	coolify	4.0.0:beta156
coollabs	coolify	4.0.0:beta157
coollabs	coolify	4.0.0:beta158
coollabs	coolify	4.0.0:beta159
coollabs	coolify	4.0.0:beta160
coollabs	coolify	4.0.0:beta161
coollabs	coolify	4.0.0:beta162
coollabs	coolify	4.0.0:beta163
coollabs	coolify	4.0.0:beta164
coollabs	coolify	4.0.0:beta165
coollabs	coolify	4.0.0:beta166
coollabs	coolify	4.0.0:beta167
coollabs	coolify	4.0.0:beta168
coollabs	coolify	4.0.0:beta169
coollabs	coolify	4.0.0:beta170
coollabs	coolify	4.0.0:beta171
coollabs	coolify	4.0.0:beta172
coollabs	coolify	4.0.0:beta173
coollabs	coolify	4.0.0:beta174
coollabs	coolify	4.0.0:beta175
coollabs	coolify	4.0.0:beta176
coollabs	coolify	4.0.0:beta177
coollabs	coolify	4.0.0:beta178
coollabs	coolify	4.0.0:beta179
coollabs	coolify	4.0.0:beta18
coollabs	coolify	4.0.0:beta180
coollabs	coolify	4.0.0:beta181
coollabs	coolify	4.0.0:beta182
coollabs	coolify	4.0.0:beta183
coollabs	coolify	4.0.0:beta184
coollabs	coolify	4.0.0:beta185
coollabs	coolify	4.0.0:beta186
coollabs	coolify	4.0.0:beta187
coollabs	coolify	4.0.0:beta188
coollabs	coolify	4.0.0:beta189
coollabs	coolify	4.0.0:beta19
coollabs	coolify	4.0.0:beta190
coollabs	coolify	4.0.0:beta191
coollabs	coolify	4.0.0:beta192
coollabs	coolify	4.0.0:beta193
coollabs	coolify	4.0.0:beta194
coollabs	coolify	4.0.0:beta195
coollabs	coolify	4.0.0:beta196
coollabs	coolify	4.0.0:beta197
coollabs	coolify	4.0.0:beta198
coollabs	coolify	4.0.0:beta199
coollabs	coolify	4.0.0:beta20
coollabs	coolify	4.0.0:beta200
coollabs	coolify	4.0.0:beta201
coollabs	coolify	4.0.0:beta202
coollabs	coolify	4.0.0:beta203
coollabs	coolify	4.0.0:beta204
coollabs	coolify	4.0.0:beta205
coollabs	coolify	4.0.0:beta206
coollabs	coolify	4.0.0:beta207
coollabs	coolify	4.0.0:beta208
coollabs	coolify	4.0.0:beta209
coollabs	coolify	4.0.0:beta21
coollabs	coolify	4.0.0:beta211
coollabs	coolify	4.0.0:beta212
coollabs	coolify	4.0.0:beta213
coollabs	coolify	4.0.0:beta214
coollabs	coolify	4.0.0:beta215
coollabs	coolify	4.0.0:beta216
coollabs	coolify	4.0.0:beta217
coollabs	coolify	4.0.0:beta218
coollabs	coolify	4.0.0:beta219
coollabs	coolify	4.0.0:beta22
coollabs	coolify	4.0.0:beta220
coollabs	coolify	4.0.0:beta221
coollabs	coolify	4.0.0:beta222
coollabs	coolify	4.0.0:beta223
coollabs	coolify	4.0.0:beta224
coollabs	coolify	4.0.0:beta225
coollabs	coolify	4.0.0:beta226
coollabs	coolify	4.0.0:beta227
coollabs	coolify	4.0.0:beta228
coollabs	coolify	4.0.0:beta229
coollabs	coolify	4.0.0:beta23
coollabs	coolify	4.0.0:beta230
coollabs	coolify	4.0.0:beta231
coollabs	coolify	4.0.0:beta232
coollabs	coolify	4.0.0:beta233
coollabs	coolify	4.0.0:beta234
coollabs	coolify	4.0.0:beta235
coollabs	coolify	4.0.0:beta236
coollabs	coolify	4.0.0:beta237
coollabs	coolify	4.0.0:beta238
coollabs	coolify	4.0.0:beta239
coollabs	coolify	4.0.0:beta24
coollabs	coolify	4.0.0:beta240
coollabs	coolify	4.0.0:beta241
coollabs	coolify	4.0.0:beta242
coollabs	coolify	4.0.0:beta243
coollabs	coolify	4.0.0:beta244
coollabs	coolify	4.0.0:beta245
coollabs	coolify	4.0.0:beta246
coollabs	coolify	4.0.0:beta247
coollabs	coolify	4.0.0:beta248
coollabs	coolify	4.0.0:beta249
coollabs	coolify	4.0.0:beta25
coollabs	coolify	4.0.0:beta250
coollabs	coolify	4.0.0:beta251
coollabs	coolify	4.0.0:beta252
coollabs	coolify	4.0.0:beta26
coollabs	coolify	4.0.0:beta27
coollabs	coolify	4.0.0:beta28
coollabs	coolify	4.0.0:beta29
coollabs	coolify	4.0.0:beta30
coollabs	coolify	4.0.0:beta31
coollabs	coolify	4.0.0:beta32
coollabs	coolify	4.0.0:beta33
coollabs	coolify	4.0.0:beta34
coollabs	coolify	4.0.0:beta35
coollabs	coolify	4.0.0:beta36
coollabs	coolify	4.0.0:beta37
coollabs	coolify	4.0.0:beta38
coollabs	coolify	4.0.0:beta39
coollabs	coolify	4.0.0:beta40
coollabs	coolify	4.0.0:beta41
coollabs	coolify	4.0.0:beta42
coollabs	coolify	4.0.0:beta43
coollabs	coolify	4.0.0:beta44
coollabs	coolify	4.0.0:beta45
coollabs	coolify	4.0.0:beta46
coollabs	coolify	4.0.0:beta47
coollabs	coolify	4.0.0:beta48
coollabs	coolify	4.0.0:beta49
coollabs	coolify	4.0.0:beta50
coollabs	coolify	4.0.0:beta51
coollabs	coolify	4.0.0:beta52
coollabs	coolify	4.0.0:beta53
coollabs	coolify	4.0.0:beta54
coollabs	coolify	4.0.0:beta55
coollabs	coolify	4.0.0:beta56
coollabs	coolify	4.0.0:beta57
coollabs	coolify	4.0.0:beta58
coollabs	coolify	4.0.0:beta59
coollabs	coolify	4.0.0:beta60
coollabs	coolify	4.0.0:beta61
coollabs	coolify	4.0.0:beta62
coollabs	coolify	4.0.0:beta63
coollabs	coolify	4.0.0:beta64
coollabs	coolify	4.0.0:beta65
coollabs	coolify	4.0.0:beta66
coollabs	coolify	4.0.0:beta67
coollabs	coolify	4.0.0:beta68
coollabs	coolify	4.0.0:beta69
coollabs	coolify	4.0.0:beta70
coollabs	coolify	4.0.0:beta71
coollabs	coolify	4.0.0:beta72
coollabs	coolify	4.0.0:beta73
coollabs	coolify	4.0.0:beta74
coollabs	coolify	4.0.0:beta75
coollabs	coolify	4.0.0:beta76
coollabs	coolify	4.0.0:beta77
coollabs	coolify	4.0.0:beta78
coollabs	coolify	4.0.0:beta79
coollabs	coolify	4.0.0:beta80
coollabs	coolify	4.0.0:beta81
coollabs	coolify	4.0.0:beta82
coollabs	coolify	4.0.0:beta83
coollabs	coolify	4.0.0:beta84
coollabs	coolify	4.0.0:beta85
coollabs	coolify	4.0.0:beta86
coollabs	coolify	4.0.0:beta87
coollabs	coolify	4.0.0:beta88
coollabs	coolify	4.0.0:beta89
coollabs	coolify	4.0.0:beta90
coollabs	coolify	4.0.0:beta91
coollabs	coolify	4.0.0:beta92
coollabs	coolify	4.0.0:beta93
coollabs	coolify	4.0.0:beta94
coollabs	coolify	4.0.0:beta95
coollabs	coolify	4.0.0:beta96
coollabs	coolify	4.0.0:beta97
coollabs	coolify	4.0.0:beta98
coollabs	coolify	4.0.0:beta99

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/coollabsio/coolify/security/advisories/GHSA-9wqm-fg79-4748

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://github.com/coollabsio/coolify/blob/40a239ddda3fc919f57a052d7b52b8e1a6696b81/bootstrap/helpers/remoteProcess.php#L70

https://github.com/coollabsio/coolify/commit/353245bb7de9680f238bae30443af1696bc977b0

https://github.com/coollabsio/coolify/pull/1524

https://github.com/coollabsio/coolify/pull/1625

https://github.com/coollabsio/coolify/security/advisories/GHSA-9wqm-fg79-4748