Cross-Site Scripting Vulnerability in Coolify by Coollabs
CVE-2025-24025

1.3LOW

Key Information:

Vendor: Coollabsio
Status: Coolify
Vendor: CVE Published:; 24 January 2025

What is CVE-2025-24025?

Coolify, an open-source server management tool, has a vulnerability in its tags page that can lead to Cross-Site Scripting. Specifically, when a user conducts a search for tags that yield no results, the unfiltered query appears in an error modal. This flaw allows for the injection of malicious scripts, which can compromise user security. The issue has been addressed in version 4.0.0-beta.380, providing necessary mitigation for users.

Affected Version(s)

coolify < 4.0.0-beta.361

References

https://github.com/coollabsio/coolify/security/advisories...

x_refsource_CONFIRM

CVSS V4

Score:

1.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 16, 2025

Coollabsio

What is CVE-2025-24025?

Affected Version(s)

References

CVSS V4

Timeline