CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.
Analysis
CVE-2025-53825 is a critical unauthenticated remote code execution vulnerability in Dokploy versions prior to 0.24.3: an attacker can execute arbitrary code and read sensitive environment variables simply by opening a pull request on a public repository that the instance deploys as a preview. The vulnerability affects every public Dokploy instance that uses preview deployments and carries a CVSS base score of 9.4 (Critical). The attack vector is Network and neither privileges nor user interaction are required, so any remote attacker able to open a pull request can exploit it immediately.
Technical Context
The vulnerability stems from improper access control (CWE-862: Missing Authorization) in Dokploy's preview deployment feature, a common PaaS capability that automatically deploys code from pull requests for testing. The flaw lets unauthenticated users trigger deployment workflows without an authorization check, exposing the preview environment's execution context, including environment variables that hold secrets, API keys and database credentials. The root cause is insufficient authorization validation on the preview deployment endpoint: the requester is never verified to have legitimate access to the repository or the deployment configuration before the deployment pipeline executes. Dokploy is a self-hostable PaaS platform (CPE: cpe:2.3:a:dokploy:dokploy:*:*:*:*:*:*:*:*), and versions prior to 0.24.3 are affected.
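To make the missing check concrete, here is an added example (not Dokploy's own code, and not a description of its internals) of the authorization gate a pull-request-triggered preview deployment should pass before the pipeline runs. The event shape, configuration fields and function names are assumptions modelled on a generic Git-hosting PR webhook; the `authorAssociation` values are the ones GitHub reports on pull requests. The unchecked function reproduces the vulnerable pattern the advisory describes; the checked function shows the hardened form, and additionally withholds production secrets from fork-sourced branches even when their author is trusted.

```typescript
// Added example, not Dokploy code: authorization gate for preview deployments.
// All names and the event/config shapes are hypothetical.

type AuthorAssociation =
  | "OWNER" | "MEMBER" | "COLLABORATOR" | "CONTRIBUTOR"
  | "FIRST_TIME_CONTRIBUTOR" | "FIRST_TIMER" | "NONE";

interface PullRequestEvent {
  repo: string;                  // "owner/name" of the repo the webhook belongs to
  headRepo: string;              // "owner/name" of the repo the PR branch lives in
  authorAssociation: AuthorAssociation;
  number: number;
}

interface PreviewConfig {
  repo: string;                  // repository this preview configuration is bound to
  previewsEnabled: boolean;
  allowedAssociations: AuthorAssociation[];
  allowForks: boolean;           // whether PRs from forks may get a preview at all
}

type Decision =
  | { deploy: true; injectSecrets: boolean }
  | { deploy: false; reason: string };

// Vulnerable pattern (the behaviour the advisory describes): every PR event on
// a public repository gets a preview with the full environment, whoever opened it.
function decidePreviewUnchecked(_event: PullRequestEvent, _cfg: PreviewConfig): Decision {
  return { deploy: true, injectSecrets: true };
}

// Hardened pattern: requester and PR source are authorized for this
// configuration before anything is executed.
function decidePreviewChecked(event: PullRequestEvent, cfg: PreviewConfig): Decision {
  if (!cfg.previewsEnabled) {
    return { deploy: false, reason: "preview deployments disabled" };
  }
  // A webhook for a different repository must never reach this pipeline.
  if (event.repo !== cfg.repo) {
    return { deploy: false, reason: "event repository does not match configuration" };
  }
  const fromFork = event.headRepo !== event.repo;
  if (fromFork && !cfg.allowForks) {
    return { deploy: false, reason: "pull requests from forks are not deployed" };
  }
  if (!cfg.allowedAssociations.includes(event.authorAssociation)) {
    return { deploy: false, reason: `author association ${event.authorAssociation} not authorized` };
  }
  // A fork controls the branch content, so even an authorized fork PR runs
  // without production secrets: trust the author, not the environment.
  return { deploy: true, injectSecrets: !fromFork };
}

// Constructed sample events: a maintainer's own-repo PR, a collaborator's fork
// PR, and a drive-by PR from an account unrelated to the repository.
const maintainerPr: PullRequestEvent = { repo: "acme/app", headRepo: "acme/app", authorAssociation: "MEMBER", number: 41 };
const collaboratorForkPr: PullRequestEvent = { repo: "acme/app", headRepo: "dev/app", authorAssociation: "COLLABORATOR", number: 42 };
const strangerPr: PullRequestEvent = { repo: "acme/app", headRepo: "someone/app", authorAssociation: "NONE", number: 43 };

const strictCfg: PreviewConfig = {
  repo: "acme/app", previewsEnabled: true,
  allowedAssociations: ["OWNER", "MEMBER", "COLLABORATOR"], allowForks: false,
};
const forkFriendlyCfg: PreviewConfig = { ...strictCfg, allowForks: true };

for (const pr of [maintainerPr, collaboratorForkPr, strangerPr]) {
  console.log(`PR #${pr.number}:`, decidePreviewChecked(pr, strictCfg));
}
```

With the strict configuration only the maintainer's own-repo PR deploys (with secrets); the fork-friendly configuration additionally deploys the collaborator's fork PR but without secrets, and the unrelated account's PR is rejected in both. Note that the "allowForks" relaxation only makes sense together with the secret-withholding rule, because the fork author controls what the preview executes.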
Affected Products
Product: Dokploy
Vendor: Dokploy Project
Affected versions: < 0.24.3
Fixed version: 0.24.3
Configuration: Self-hosted instances with preview deployments enabled on public repositories
CPE: cpe:2.3:a:dokploy:dokploy:*:*:*:*:*:*:*:*
Remediation
1. Patch (priority: Critical): Upgrade Dokploy to version 0.24.3 or later immediately. The fixed version (0.24.3) implements proper authorization checks on preview deployment endpoints so that only authenticated and authorized users can trigger deployments.
2. Temporary mitigation: Disable the preview deployments feature if patching is not immediately possible. Temporarily turn off preview deployment functionality in the Dokploy settings to prevent exploitation until the patch is applied.
3. Temporary mitigation: Restrict repository access. Make repositories private or restrict pull request permissions to trusted collaborators only, reducing the attack surface.
4. Temporary mitigation: Rotate secrets and credentials. Immediately rotate all environment variables, API keys, database credentials and other secrets exposed through preview deployments, as they may already have been accessed by attackers.
5. Detection: Monitor deployment logs. Review Dokploy logs for unexpected preview deployments triggered from unknown or untrusted pull requests prior to patching.
EUVD: EUVD-2025-21402