What is the CVSS score of CVE-2025-66212?

CVE-2025-66212 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Coolify are affected by CVE-2025-66212?

Organizations using Coolify face significant risk from CVE-2025-66212, a OS command injection vulnerability rated CVSS 8.8.. A patch is available.

Is there a public PoC exploit available for CVE-2025-66212?

Yes, a public proof-of-concept exploit is available for CVE-2025-66212. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-66212?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

Coolify CVE-2025-66212

HIGH

OS Command Injection (CWE-78)

2025-12-23 security-advisories@github.com

Command Injection RCE Coolify

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 17, 2026 - 20:45 vuln.today

Patch released

Mar 17, 2026 - 20:45 nvd

Patch available

PoC Detected

Mar 17, 2026 - 17:16 vuln.today

Public exploit code

CVE Published

Dec 23, 2025 - 22:15 nvd

HIGH 8.8

DescriptionGitHub Advisory

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Proxy configuration filenames are passed to shell commands without proper escaping, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.

AnalysisAI

An authenticated command injection vulnerability in Coolify's Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451, with a publicly available proof-of-concept exploit and moderate exploitation likelihood (EPSS 20%, percentile 41%). Attackers can achieve full remote code execution with root privileges by injecting shell commands through unescaped proxy configuration filenames.

Technical ContextAI

Coolify is an open-source, self-hostable platform for managing servers, applications, and databases, similar to a simplified PaaS solution. The vulnerability stems from CWE-78 (OS Command Injection), where proxy configuration filenames are passed directly to shell commands without proper input sanitization or escaping. Based on the CPE data, the vulnerability affects Coolify versions from at least 4.0.0-beta100 through 4.0.0-beta450, though the wildcard CPE entry suggests earlier versions may also be vulnerable. The issue occurs specifically in the Dynamic Proxy Configuration component where user-supplied filenames are concatenated into shell commands executed with elevated privileges.

RemediationAI

Upgrade Coolify to version 4.0.0-beta.451 or later immediately, as this version includes the fix for the command injection vulnerability (see patch at https://github.com/coollabsio/coolify/pull/7375). Until patching is possible, restrict access to Coolify's management interface to trusted administrators only, implement network segmentation to limit which servers can be managed, and monitor for suspicious command execution on managed servers. Review the vendor's security advisory at https://github.com/coollabsio/coolify/security/advisories/GHSA-q7rg-2j7p-83gp for additional context and ensure all managed servers are audited for potential compromise given the root-level execution capability.

CVE-2025-66212 vulnerability details – vuln.today

Back

Coolify CVE-2025-66212

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code