User Information Disclosure in Dokploy Platform by Low-Privilege Accounts
CVE-2025-53374

1.3 LOW

Key Information:

Vendor: Dokploy

Status
Vendor
CVE Published: 7 July 2025

What is CVE-2025-53374?

A vulnerability in Dokploy allows authenticated low-privileged users to access sensitive profile information of other users within the same organization. By invoking the user.one endpoint, these users can retrieve details such as email addresses, roles, two-factor authentication statuses, organization IDs, and various account flags, leading to potential exposure of personally identifiable information (PII). Mitigation measures are included in the upcoming version v0.23.7.

Affected Version(s)

dokploy < 0.23.7

CVSS V4

Score: 1.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
