CVE-2025-24025

Coolify Vulnerable to Reflected XSS on Tag Search

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue.

INFO

Published Date :

2025-01-24T16:46:04.276Z

Last Modified :

2025-01-24T21:01:40.445Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-24025 vulnerability.

Vendors	Products
Coollabs	Coolify

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24025.

URL	Resource
https://github.com/coollabsio/coolify/security/advisories/GHSA-f2gf-jvmh-vq73

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact