Command Injection Vulnerability in Coolify by Coollabs
CVE-2025-64419

9.7 CRITICAL

Key Information:

Vendor: Coollabsio
Status: Vendor
CVE Published: 5 January 2026

Badges

👾 Exploit Exists
📰 News Worthy

What is CVE-2025-64419?

A command injection vulnerability exists in Coolify, an open-source tool for managing servers and applications, affecting versions before 4.0.0-beta.445. The flaw arises because parameters taken from the 'docker-compose.yaml' file are not sanitized before being used during command execution. An attacker can exploit this weakness if a victim user inadvertently creates an application from a malicious repository using the 'docker compose' build pack. This can result in arbitrary command execution on the affected Coolify instance with root privileges.
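As an added illustration of the defensive pattern this class of bug calls for (example code, not Coolify's own code or its actual fix): values taken from an untrusted compose file are checked against an allowlist, and the `docker compose` invocation is built as an argv list so that no shell ever parses them. The compose contents, the set of command-bound keys and the allowlist pattern are constructed assumptions for this example.

```python
import re
import shlex
import subprocess

# Constructed stand-in for the parsed contents of an untrusted docker-compose.yaml
# (example data, not Coolify's own code or config). The 'sidecar' service carries
# a value that would change meaning if it were ever spliced into a shell string.
COMPOSE = {
    "services": {
        "web": {"image": "nginx:1.27", "container_name": "web"},
        "sidecar": {"image": "alpine:3.20", "container_name": "web;echo"},
    }
}

# Keys whose values commonly end up as command-line arguments, and the only
# characters a legitimate value may contain (assumed allowlist for this example).
COMMAND_BOUND_KEYS = ("image", "container_name")
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._:/@-]{0,127}$")


def check_compose_values(compose):
    """Return (service, key, value) for every command-bound value outside the allowlist."""
    findings = []
    for service, cfg in compose.get("services", {}).items():
        for key in COMMAND_BOUND_KEYS:
            value = cfg.get(key)
            if value is not None and not SAFE_TOKEN.match(str(value)):
                findings.append((service, key, str(value)))
    return findings


def build_compose_argv(compose_path, service):
    """Build 'docker compose up' as an argv list, rejecting names outside the allowlist.

    With a list, the service name is one argument handed to docker itself; no shell
    parses it, so ';', '$(...)' and similar metacharacters are inert.
    """
    if not SAFE_TOKEN.match(service):
        raise ValueError(f"rejected service name from compose file: {service!r}")
    return ["docker", "compose", "-f", compose_path, "up", "-d", service]


def deploy(compose_path, compose, service):
    """Refuse the whole file if any command-bound value fails validation, then run it."""
    findings = check_compose_values(compose)
    if findings:
        raise ValueError(f"unsafe compose values: {findings}")
    argv = build_compose_argv(compose_path, service)
    print("running:", shlex.join(argv))  # audit log: the exact argv, shell-quoted for readability
    return subprocess.run(argv, check=True, shell=False)
```

Calling `deploy()` on the constructed `COMPOSE` above raises before anything is executed, because the `sidecar` service fails validation.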

Affected Version(s)

coolify < 4.0.0-beta.445

News Articles

Coolify Self-Hosting Platform Vulnerabilities Allow Attackers to Execute Arbitrary System Commands

The vulnerabilities pose severe risks to organizations deploying Coolify instances, particularly those exposed to the internet.

1 month ago

CVSS V3.1

Score: 9.7
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by Cyber Press

  • Vulnerability published

  • Vulnerability reserved