CNNVD-202512-4019 Information
CNNVD ID
CNNVD-202512-4019
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify 4.0.0-beta.451之前版本存在操作系统命令注入漏洞,该漏洞源于file_storage_directory_source参数未经清理,可能导致命令注入攻击。
Description (English)
Coolify is an open-source and self-hosted Heroku/Netlift/Vercel alternative to the coolLabs open source. The previous version of Coolify 4.0.0-bita.451 had an operational system command leak, which originated from the fact that the parameters of file storage directory source had not been cleared and could lead to an order injection attack.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
coolLabs
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/0xrakan/coolify-cve-2025-66209-66213 https://github.com/coollabsio/coolify/pull/7375 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451 https://access.redhat.com/security/cve/cve-2025-66213
Patch
https://github.com/coollabsio/coolify/releases
Share on: