CNNVD-202512-4026 Information
CNNVD ID
CNNVD-202512-4026
Related CVE
- CNNVD Published: 2025-12-23
Description
Coolify is an open-source, self-hosted alternative to Heroku/Netlify/Vercel from coolLabs. Versions of Coolify prior to 4.0.0-beta.451 contain an operating system command injection vulnerability. The vulnerability stems from PostgreSQL initialization script filenames not being validated, which may lead to command injection attacks.
Hazard Level
Medium
Vulnerability Type
OS command injection
Affected Vendor
coolLabs
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/0xrakan/coolify-cve-2025-66209-66213
https://github.com/coollabsio/coolify/pull/7375
https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451
https://access.redhat.com/security/cve/cve-2025-66211
Patch
https://github.com/coollabsio/coolify/releases