Skip to main content

Dokploy EUVD-2025-20276

| CVE-2025-53374 MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)
2025-07-07 security-advisories@github.com
Information Disclosure Dokploy
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 16, 2026 - 03:37 euvd
EUVD-2025-20276
Analysis Generated
Mar 16, 2026 - 03:37 vuln.today
Patch released
Mar 16, 2026 - 03:37 nvd
Patch available
CVE Published
Jul 07, 2025 - 16:15 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.

AnalysisAI

A security vulnerability in Dokploy (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Technical ContextAI

Vulnerability type not specified by vendor. Affects Dokploy.

RemediationAI

Apply the vendor-supplied patch immediately.

Share

EUVD-2025-20276 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy