CNNVD-202512-4025 Information
CNNVD ID
CNNVD-202512-4025
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify 4.0.0-beta.451之前版本存在操作系统命令注入漏洞,该漏洞源于动态代理配置文件名未经转义,可能导致命令注入攻击。
Description (English)
Coolify is an open-source and self-hosted Heroku/Netlift/Vercel alternative to the coolLabs open source. The previous version of Coolify 4.0.0-beta.451 had a loophole in the operating system command, which originated from the fact that the name of the dynamic agent configuration file had not been changed and could lead to the order being injected into the attack.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
coolLabs
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/0xrakan/coolify-cve-2025-66209-66213 https://github.com/coollabsio/coolify/pull/7375 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451 https://access.redhat.com/security/cve/cve-2025-66212
Patch
https://github.com/coollabsio/coolify/releases
Share on: