Eyodav

6 exploits Active since Aug 2025
CVE-2025-54962 NOMISEC MEDIUM WORKING POC
OpenPLC Runtime <9cd8f1b - File Upload
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.
CVSS 6.4
CVE-2025-34157 NOMISEC CRITICAL WORKING POC
Coolify < 4.0.0-beta.420.6 - Authenticated Stored Cross-Site Scripting in Project Name
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to delete the project or its associated resource, the payload executes in the admin’s browser context. This results in full compromise of the Coolify instance, including theft of API tokens, session cookies, and access to WebSocket-based terminal sessions on managed servers.
CVSS 9.0
CVE-2025-34159 NOMISEC HIGH WORKING POC
Coolify < 4.0.0-beta.420.6 - Authenticated Remote Code Execution via Docker Compose Directive Injection
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server.
CVSS 8.8
CVE-2025-34161 NOMISEC HIGH WRITEUP
Coolify < 4.0.0-beta.420.7 - Authenticated Remote Code Execution via Git Repository Field
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise.
CVSS 8.8
CVE-2025-34171 NOMISEC MEDIUM WRITEUP
CasaOS <= 0.4.15 - Unauthenticated Sensitive Information Exposure via Image and Debug Endpoints
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.
CVSS 5.3
CVE-2025-34226 NOMISEC HIGH WORKING POC
OpenPLC Runtime v3 - Persistent Denial of Service via Malformed Epoch Time in Program Upload
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09.