Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pack "docker compose"), the attacker can execute commands on the Coolify instance as root. Version 4.0.0-beta.445 fixes the issue.

INFO

Published Date :

2026-01-05T19:16:44.379Z

Last Modified :

2026-01-05T19:32:27.040Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64419 vulnerability.

Vendors Products
Coollabs
  • Coolify
Coollabsio
  • Coolify
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64419.

URL Resource
https://github.com/coollabsio/coolify/commit/f86ccfaa9af572a5487da8ea46b0a125a4854cf6 cve-icon cve-icon
https://github.com/coollabsio/coolify/security/advisories/GHSA-234r-xrrg-m8f3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact