CVE-2025-59157

critical

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member user can exploit this vulnerability. Version 4.0.0-beta.420.7 contains a patch for the issue.

References

https://thehackernews.com/2026/01/coolify-discloses-11-critical-flaws.html

https://github.com/coollabsio/coolify/security/advisories/GHSA-5cg9-38qj-8mc3

Details

Source: MITRE, NVD

Published: 2026-01-05

Updated: 2026-01-08

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00205