CVE-2025-34161

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise.

CVSS

No CVSS.

References

Link	Resource
https://coolify.io/
https://github.com/Eyodav/CVE-2025-34161
https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7

Configurations

No configuration.

History

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) Las versiones de Coolify anteriores a la v4.0.0-beta.420.7 son vulnerables a una vulnerabilidad de ejecución remota de código en el flujo de trabajo de implementación del proyecto. La plataforma permite a usuarios autenticados, con privilegios de miembro de bajo nivel, inyectar comandos de shell arbitrarios a través del campo Repositorio de Git durante la creación del proyecto. Al enviar una cadena de repositorio manipulada con sintaxis de inyección de comandos, un atacante puede ejecutar comandos arbitrarios en el sistema host subyacente, lo que resulta en una vulnerabilidad completa del servidor.

27 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 17:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-34161

Mitre link : CVE-2025-34161

CVE.ORG link : CVE-2025-34161

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-34161", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-27T17:15:38.297", "references": [{"url": "https://coolify.io/", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/Eyodav/CVE-2025-34161", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise."}, {"lang": "es", "value": "Las versiones de Coolify anteriores a la v4.0.0-beta.420.7 son vulnerables a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el flujo de trabajo de implementaci\u00f3n del proyecto. La plataforma permite a usuarios autenticados, con privilegios de miembro de bajo nivel, inyectar comandos de shell arbitrarios a trav\u00e9s del campo Repositorio de Git durante la creaci\u00f3n del proyecto. Al enviar una cadena de repositorio manipulada con sintaxis de inyecci\u00f3n de comandos, un atacante puede ejecutar comandos arbitrarios en el sistema host subyacente, lo que resulta en una vulnerabilidad completa del servidor."}], "lastModified": "2025-08-29T16:24:09.860", "sourceIdentifier": "disclosure@vulncheck.com"}