Coolify CVE-2025-66213
Severity: HIGH
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The file_storage_directory_source parameter is passed directly to shell commands without proper sanitization, enabling full remote code execution on the host system. Version 4.0.0-beta.451 fixes the issue.
Analysis (AI)
An authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and has a publicly available proof-of-concept exploit, although the current exploitation probability remains relatively low at 0.20% according to EPSS data. An attacker who can submit an unsanitized value for the file_storage_directory_source parameter achieves full remote code execution with root privileges on the host system.
Technical Context (AI)
Coolify is an open-source, self-hostable platform for managing servers, applications, and databases, similar to platforms like Heroku or Netlify but designed for self-hosting. The vulnerability stems from CWE-78 (OS Command Injection), where user-controlled input from the file_storage_directory_source parameter is passed directly to shell commands without proper sanitization or validation. Based on the CPE data, the vulnerability affects the entire 4.0.0 beta series from beta100 through beta450, indicating this is a design flaw that persisted through hundreds of beta releases before being discovered and patched.
Remediation (AI)
Upgrade Coolify to version 4.0.0-beta.451 or later immediately; that version contains the fix for this vulnerability, as documented in pull request https://github.com/coollabsio/coolify/pull/7375. The patched version is available from the official releases page at https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451. Until patching is possible, restrict access to the Coolify management interface to trusted administrators only, segment the network to limit exposure, and monitor managed servers for suspicious command execution.
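The flaw described above (a mount-path value spliced unchanged into a shell command) and the mitigation pattern it calls for can be shown in a few lines. The following is an added example written for this page, not Coolify's own code (Coolify is a PHP/Laravel project; this is Python, and the function names, the allowlist and the sample paths are all assumptions). It shows the CWE-78 pattern next to two hardened forms: an allowlisted path validator followed by argv-style execution for local commands, and shell quoting for the case where a command string has to be sent to a remote shell (for example over SSH to a managed server). A small metacharacter check is included as a cheap monitoring signal for submitted values.

```python
import re
import shlex
from pathlib import PurePosixPath

# Hypothetical allowlist for a single path component: letters, digits, dot,
# underscore and hyphen. A real deployment would choose its own policy.
_SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9._-]+$")

# Characters with meaning to a POSIX shell. Used only as a logging/alerting
# indicator for submitted values, not as the primary defence.
_SHELL_META = set(";|&$`\"'<>()\\\n\t ")


def contains_shell_metacharacters(value: str) -> bool:
    """Monitoring helper: does a submitted value carry shell syntax?"""
    return any(ch in _SHELL_META for ch in value)


def validate_mount_path(path: str) -> str:
    """Accept only absolute POSIX paths whose every component is allowlisted.

    Returns the normalised path or raises ValueError. pathlib collapses
    repeated slashes and '.' components but keeps '..', so that is checked
    explicitly.
    """
    if not path.startswith("/"):
        raise ValueError("mount path must be absolute")
    parsed = PurePosixPath(path)
    for part in parsed.parts[1:]:  # parts[0] is the root "/"
        if part == "..":
            raise ValueError("parent-directory traversal is not allowed")
        if not _SAFE_COMPONENT.match(part):
            raise ValueError(f"illegal characters in path component {part!r}")
    return str(parsed)


def is_rejected(path: str) -> bool:
    """True when validate_mount_path refuses the value (convenience for checks)."""
    try:
        validate_mount_path(path)
    except ValueError:
        return True
    return False


def mkdir_command_unsafe(path: str) -> str:
    """The CWE-78 pattern: untrusted input becomes part of a shell string as-is."""
    return f"mkdir -p {path}"


def mkdir_argv(path: str) -> list:
    """Hardened, local execution: the validated path is one argv element and no
    shell is involved (pass this list to subprocess.run without shell=True)."""
    return ["mkdir", "-p", validate_mount_path(path)]


def mkdir_remote_command(path: str) -> str:
    """Hardened, remote execution: when a command string must reach a shell
    (e.g. over SSH), quote the validated value so it stays a single word."""
    return f"mkdir -p {shlex.quote(validate_mount_path(path))}"
```

Validation is the primary control; the quoting in mkdir_remote_command is defence in depth, since a value that survives the allowlist contains nothing shlex.quote needs to escape. A value rejected by the validator, or flagged by contains_shell_metacharacters, is worth recording with the submitting account, which is the kind of monitoring the remediation advice above refers to.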