Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member user can exploit this vulnerability. Version 4.0.0-beta.420.7 contains a patch for the issue.

INFO

Published Date :

2026-01-05T17:41:29.557Z

Last Modified :

2026-01-05T19:38:25.314Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59157 vulnerability.

Vendors Products
Coollabs
  • Coolify
Coollabsio
  • Coolify
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59157.

URL Resource
https://github.com/coollabsio/coolify/security/advisories/GHSA-5cg9-38qj-8mc3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact