CNNVD-202508-3207 Information
Aug 27, 2025
cve
CNNVD ID
CNNVD-202508-3207
Related CVE
- CNNVD Published: 2025-08-27
Description (Chinese)
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify v4.0.0-beta.420.6之前版本存在安全漏洞,该漏洞源于项目创建工作流中存在存储型跨站脚本,可能导致完全控制Coolify实例。
Description (English)
Coolify is an open-source and self-hosted Heroku/Netlift/Vercel alternative to the coolLabs open source. The previous version of Coolify v.4.0.0-beta.420.6 had a security loophole, which stemmed from the existence of a stored cross-site script in the project creation workflow, which could lead to a complete control of the Coolify example.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
coolLabs
Published
2025-08-27
Last Modified
2026-02-24
References
https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7 https://github.com/Eyodav/CVE-2025-34157 https://coolify.io/ https://nvd.nist.gov/vuln/detail/CVE-2025-34157
Patch
https://github.com/coollabsio/coolify/releases
Share on: