CVE-2025-22605— Coolify OS Command Injection Vulnerability in SSH Command Generation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-22605
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Coolify OS Command Injection Vulnerability in SSH Command Generation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local Coolify container, gaining access to data and private keys or tokens of other users/teams. The ability to inject malicious commands into the Coolify container gives authenticated attackers the ability to fully retrieve and control the data and availability of the software. Centrally hosted Coolify instances (open registration and/or multiple teams with potentially untrustworthy users) are especially at risk, as sensitive data of all users and connected servers can be leaked by any user. Additionally, attackers are able to modify the running software, potentially deploying malicious images to remote nodes or generally changing its behavior. Version 4.0.0-beta.253 patches this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Coolify 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Coolify是coolLabs开源的一个开源和自托管的 Heroku/Netlify/Vercel 替代品。 Coolify 4.0.0-beta.18版本至4.0.0-beta.253之前版本存在操作系统命令注入漏洞,该漏洞源于存在命令执行中漏洞,允许经过身份验证的用户在本地容器上执行任意代码,从而访问其他用户/团队的数据和私钥或令牌。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| coollabsio | coolify | >= 4.0.0-beta.18, < 4.0.0-beta.253 | - |
II. Public POCs for CVE-2025-22605
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-22605
请登录查看更多情报信息。
Same Patch Batch · coollabsio · 2025-01-24 · 9 CVEs total
| CVE-2025-22609 | 10.0 CRITICAL | Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) |
| CVE-2025-22612 | 10.0 CRITICAL | Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Ex |
| CVE-2025-22611 | 10.0 CRITICAL | Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) |
| CVE-2025-22608 | 6.5 MEDIUM | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) |
| CVE-2025-22606 | Coolify Command Injection Vulnerability in Project Name | |
| CVE-2025-22610 | Coolify Vulnerable to OAuth Secrets Leak | |
| CVE-2025-22607 | Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak | |
| CVE-2025-24025 | Coolify Vulnerable to Reflected XSS on Tag Search |
IV. Related Vulnerabilities
Same product: coolify
- CVE-2025-64425
Coolify has host header injection in forgot password - CVE-2025-64424
Colify has command injection vulnerability in project git so - CVE-2025-64423
Coolify has a Privilege Escalation - low privileged users ca - CVE-2025-64422
Rate-limit bypass on login via X-Forwarded-Host header - CVE-2025-64421
Coolify has a privilege escalation - low privileged user can
Same vendor: coollabsio
- CVE-2025-64425
Coolify has host header injection in forgot password - CVE-2025-64424
Colify has command injection vulnerability in project git so - CVE-2025-64423
Coolify has a Privilege Escalation - low privileged users ca - CVE-2025-64422
Rate-limit bypass on login via X-Forwarded-Host header - CVE-2025-64421
Coolify has a privilege escalation - low privileged user can
Same weakness: CWE-78
- CVE-2026-8273
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command inje - CVE-2026-8272
D-Link DNS-320 webfile_mgr.cgi chown os command injection - CVE-2026-8271
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command inje - CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti
V. Comments for CVE-2025-22605
No comments yet