Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-66212. PoCs published by 0xrakan.
AI-analyzed exploit summary This repository provides a detailed technical analysis of five authenticated command injection vulnerabilities in Coolify, affecting versions prior to v4.0.0-beta.451. The writeup includes root cause analysis, impact assessment, and remediation guidance, but withholds proof-of-concept exploits to allow users time to upgrade.
Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Proxy configuration filenames are passed to shell commands without proper escaping, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.
Exploits (1)
This repository provides a detailed technical analysis of five authenticated command injection vulnerabilities in Coolify, affecting versions prior to v4.0.0-beta.451. The writeup includes root cause analysis, impact assessment, and remediation guidance, but withholds proof-of-concept exploits to allow users time to upgrade.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H