What is the CVSS score of CVE-2025-66211?

CVE-2025-66211 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of PostgreSQL are affected by CVE-2025-66211?

Organizations using Coolify face significant risk from CVE-2025-66211, a OS command injection vulnerability rated CVSS 8.8.

Is there a public PoC exploit available for CVE-2025-66211?

Yes, a public proof-of-concept exploit is available for CVE-2025-66211. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-66211?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

PostgreSQL CVE-2025-66211

HIGH

OS Command Injection (CWE-78)

2025-12-23 security-advisories@github.com

Command Injection PostgreSQL RCE Privilege Escalation Docker Coolify

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 17, 2026 - 20:45 vuln.today

PoC Detected

Mar 17, 2026 - 17:16 vuln.today

Public exploit code

CVE Published

Dec 23, 2025 - 22:15 nvd

HIGH 8.8

DescriptionGitHub Advisory

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. PostgreSQL initialization script filenames are passed to shell commands without proper validation, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.

AnalysisAI

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Technical ContextAI

Coolify is an open-source platform-as-a-service (PaaS) tool used for self-hosting and managing servers, applications, and databases. The vulnerability stems from CWE-78 (Improper Neutralization of Special Elements used in an OS Command), where PostgreSQL initialization script filenames are passed directly to shell commands without proper input validation or sanitization. Based on the CPE data, this affects the entire Coolify 4.0.0 beta series from beta100 through beta450, with the core issue being that user-controlled input (the init script filename) can contain shell metacharacters that are interpreted when passed to system commands, allowing command injection.

RemediationAI

Upgrade Coolify to version 4.0.0-beta.451 or later, which contains the fix for this vulnerability as documented in the release notes at https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451 and pull request https://github.com/coollabsio/coolify/pull/7375. Until patching is possible, restrict access to Coolify's application and service management functions to only highly trusted administrators, implement network segmentation to limit exposure of the Coolify interface, and monitor system logs for suspicious command execution patterns. The vendor security advisory at https://github.com/coollabsio/coolify/security/advisories/GHSA-24mp-fc9q-c884 provides additional context.