CVE-2025-34159

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server.

CVSS

No CVSS.

References

Link	Resource
https://coolify.io/
https://github.com/Eyodav/CVE-2025-34159
https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7

Configurations

No configuration.

History

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) Las versiones de Coolify anteriores a la v4.0.0-beta.420.6 son vulnerables a una vulnerabilidad de ejecución remota de código en el flujo de trabajo de implementación de aplicaciones. La plataforma permite a usuarios autenticados, con privilegios de miembro de bajo nivel, inyectar directivas arbitrarias de Docker Compose durante la creación del proyecto. Al manipular una definición de servicio maliciosa que monta el sistema de archivos raíz del host, un atacante puede obtener acceso root completo al servidor subyacente.

27 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 17:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-34159

Mitre link : CVE-2025-34159

CVE.ORG link : CVE-2025-34159

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-34159", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-27T17:15:38.123", "references": [{"url": "https://coolify.io/", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/Eyodav/CVE-2025-34159", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server."}, {"lang": "es", "value": "Las versiones de Coolify anteriores a la v4.0.0-beta.420.6 son vulnerables a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el flujo de trabajo de implementaci\u00f3n de aplicaciones. La plataforma permite a usuarios autenticados, con privilegios de miembro de bajo nivel, inyectar directivas arbitrarias de Docker Compose durante la creaci\u00f3n del proyecto. Al manipular una definici\u00f3n de servicio maliciosa que monta el sistema de archivos ra\u00edz del host, un atacante puede obtener acceso root completo al servidor subyacente."}], "lastModified": "2025-08-29T16:24:09.860", "sourceIdentifier": "disclosure@vulncheck.com"}