Coolify Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Coolify versions prior to v4.0.0-beta.420.7. The issue lies in the project deployment workflow: an authenticated user holding only low-level member privileges can inject arbitrary shell commands. The vulnerability is exploited by crafting a repository string that contains command-injection syntax, which is then executed on the host system, potentially leading to a full server compromise.
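
The bug class described above, shown as an added illustration that is not taken from Coolify's code base: the weak pattern (a user-controlled repository string interpolated into a command line that a shell parses) beside a hardened form (allow-list validation, then an argument vector executed with no shell). The repository allow-list, the sample inputs and the function names are constructed for this example.

```python
import re
import subprocess

# Constructed sample inputs for the example (not taken from the advisory).
SAFE_REPO = "https://github.com/example-org/example-app.git"
HOSTILE_REPO = "https://github.com/example-org/example-app.git; touch /tmp/pwned"

# Constructed allow-list: https://host[:port]/path[.git] or git@host:path[.git].
# Shell metacharacters, whitespace and a leading '-' cannot match this pattern.
REPO_RE = re.compile(
    r"^(https?://[A-Za-z0-9._~-]+(?::\d+)?/[A-Za-z0-9._~/-]+(\.git)?"
    r"|git@[A-Za-z0-9._-]+:[A-Za-z0-9._/-]+(\.git)?)$"
)


def is_valid_repo(repo: str) -> bool:
    """Accept only repository references that match the strict allow-list."""
    return REPO_RE.fullmatch(repo) is not None


def vulnerable_clone_command(repo: str, dest: str) -> str:
    """Weak pattern: the user-supplied string becomes part of a shell command line.

    Anything a shell treats specially (';', '&&', '$(...)', backticks) in `repo`
    is interpreted as shell syntax, which is the injection the advisory describes.
    """
    return f"git clone --depth 1 {repo} {dest}"


def hardened_clone_argv(repo: str, dest: str) -> list[str]:
    """Hardened form: validate first, then build an argv with no shell in the path.

    Each list element reaches git as a single argument, so metacharacters in
    `repo` are never parsed as shell syntax; '--' additionally stops a value
    beginning with '-' from being read as a git option.
    """
    if not is_valid_repo(repo):
        raise ValueError("repository reference rejected by allow-list")
    return ["git", "clone", "--depth", "1", "--", repo, dest]


def run_hardened_clone(repo: str, dest: str) -> subprocess.CompletedProcess:
    """Execute the clone via subprocess with an argument list (shell=False)."""
    return subprocess.run(hardened_clone_argv(repo, dest),
                          capture_output=True, check=False)


if __name__ == "__main__":
    print(vulnerable_clone_command(HOSTILE_REPO, "/tmp/app"))  # shell would split at ';'
    print(hardened_clone_argv(SAFE_REPO, "/tmp/app"))
```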

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the host system, with the potential for full server compromise.

Remediation

Users are advised to update to Coolify version v4.0.0-beta.420.7 or later.

Added: Aug 27, 2025, 5:20 PM
Updated: Aug 27, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          0.0
impact          10.0
exploitability  5.2
remediation     7.7
relevance       0.4
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.