CNNVD-202512-4028 Information
CNNVD ID
CNNVD-202512-4028
Related CVE
- CNNVD Published: 2025-12-23
Description (Chinese)
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify 4.0.0-beta.451之前版本存在操作系统命令注入漏洞,该漏洞源于Database Import功能中数据库名未经清理,可能导致命令注入攻击。
Description (English)
Coolify is an open-source and self-hosted Heroku/Netlift/Vercel alternative to the coolLabs open source. The previous version of Coolify 4.0.0-beta.451 had an operational system command leak, which originated from the uncleaned database name in the DataImport function, which could lead to an order injection attack.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
coolLabs
Published
2025-12-23
Last Modified
2026-02-24
References
https://github.com/0xrakan/coolify-cve-2025-66209-66213 https://github.com/coollabsio/coolify/pull/7375 https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451 https://access.redhat.com/security/cve/cve-2025-66210
Patch
https://github.com/coollabsio/coolify/releases
Share on: