CVE-2025-53374
📋 TL;DR
An authenticated low-privileged user in Dokploy can access detailed profile information of other users in the same organization, exposing personally-identifiable information (PII) like email addresses, roles, and account status. This affects organizations using vulnerable versions of Dokploy where multiple users share the same organizational context.
💻 Affected Systems
- Dokploy
📦 What is this software?
Dokploy by Dokploy
⚠️ Risk & Real-World Impact
Worst Case
Attackers could harvest PII for all organization users, enabling targeted phishing, credential stuffing, or social engineering attacks against administrators and privileged accounts.
Likely Case
Internal users could access colleagues' contact information and account details, violating privacy expectations and potentially enabling lateral movement through credential reuse.
If Mitigated
Limited exposure of non-sensitive user metadata with proper access controls and monitoring in place.
🎯 Exploit Status
Exploitation requires authenticated access but minimal technical skill - essentially making a direct API call to user.one endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.23.7
Vendor Advisory: https://github.com/Dokploy/dokploy/security/advisories/GHSA-fcq8-wv2q-f758
Restart Required: Yes
Instructions:
1. Back up your Dokploy instance and data.
2. Update to v0.23.7 or later using your deployment method (Docker, manual, etc.).
3. Restart the Dokploy service.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict User Access
Limit low-privileged user accounts and implement strict access controls until patching is possible.
Network Segmentation
Isolate the Dokploy deployment from general user networks to reduce the attack surface.
🧯 If You Can't Patch
- Implement strict monitoring of user.one API endpoint access in application logs
- Review and minimize low-privileged user accounts in Dokploy organizations
🔍 How to Verify
Check if Vulnerable:
Check whether an authenticated low-privileged user can call the user.one endpoint with another user's ID and retrieve that user's PII.
Check Version:
Check the Dokploy version in the admin interface or via the deployment configuration (e.g., docker inspect for the container image version).
Verify Fix Applied:
After updating to v0.23.7+, verify that low-privileged users cannot access other users' PII through the user.one endpoint.
📡 Detection & Monitoring
Log Indicators:
- Multiple requests to user.one endpoint from low-privileged accounts
- Unusual pattern of user profile access
Network Indicators:
- API calls to /api/user.one with different user IDs from same source
SIEM Query:
source="dokploy" AND endpoint="user.one" AND user_role="low_privilege" | stats count by src_ip, user_id
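As an added defensive example, not part of the original advisory: a small Python script that applies the log indicators above (repeated user.one requests for different user IDs from the same low-privileged account and source address) to a few constructed log lines. The JSON-per-line log format, the field names (src_ip, user_id, user_role, endpoint, target_user_id) and all sample values are assumptions made for this example, not Dokploy's real log schema; adapt parse_line to whatever your Dokploy or reverse-proxy logs actually emit.

```python
import json
from collections import defaultdict

# Constructed sample log lines (one JSON object per line). Field names and
# values are assumptions for this example, not Dokploy's actual log format.
SAMPLE_LOGS = [
    '{"ts":"2025-07-01T10:00:01Z","src_ip":"10.0.0.5","user_id":"u-alice","user_role":"low_privilege","endpoint":"user.one","target_user_id":"u-alice"}',
    '{"ts":"2025-07-01T10:00:02Z","src_ip":"10.0.0.5","user_id":"u-alice","user_role":"low_privilege","endpoint":"user.one","target_user_id":"u-bob"}',
    '{"ts":"2025-07-01T10:00:03Z","src_ip":"10.0.0.5","user_id":"u-alice","user_role":"low_privilege","endpoint":"user.one","target_user_id":"u-carol"}',
    '{"ts":"2025-07-01T10:00:04Z","src_ip":"10.0.0.5","user_id":"u-alice","user_role":"low_privilege","endpoint":"user.one","target_user_id":"u-dave"}',
    # Admin reading several profiles: expected behaviour, not flagged.
    '{"ts":"2025-07-01T10:01:00Z","src_ip":"10.0.0.9","user_id":"u-admin","user_role":"admin","endpoint":"user.one","target_user_id":"u-bob"}',
    '{"ts":"2025-07-01T10:01:01Z","src_ip":"10.0.0.9","user_id":"u-admin","user_role":"admin","endpoint":"user.one","target_user_id":"u-carol"}',
    # Low-privileged user reading own profile plus one other: below threshold.
    '{"ts":"2025-07-01T10:02:00Z","src_ip":"10.0.0.7","user_id":"u-erin","user_role":"low_privilege","endpoint":"user.one","target_user_id":"u-erin"}',
    '{"ts":"2025-07-01T10:02:01Z","src_ip":"10.0.0.7","user_id":"u-erin","user_role":"low_privilege","endpoint":"user.one","target_user_id":"u-frank"}',
    # Unrelated endpoint and a malformed line, both ignored.
    '{"ts":"2025-07-01T10:03:00Z","src_ip":"10.0.0.5","user_id":"u-alice","user_role":"low_privilege","endpoint":"project.all","target_user_id":null}',
    'this line is not valid JSON',
]

REQUIRED_FIELDS = {"src_ip", "user_id", "user_role", "endpoint", "target_user_id"}


def parse_line(line):
    """Parse one JSON log line; return None for malformed or incomplete records."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if not isinstance(rec, dict) or not REQUIRED_FIELDS <= rec.keys():
        return None
    return rec


def find_suspicious(lines, threshold=2):
    """Return {(src_ip, user_id): [distinct foreign target IDs]} for low-privileged
    accounts that fetched at least `threshold` other users' profiles via user.one.

    Reading one's own profile is normal and is not counted; admin roles are
    expected to view other profiles and are skipped.
    """
    foreign_targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["endpoint"] != "user.one" or rec["user_role"] != "low_privilege":
            continue
        if rec["target_user_id"] == rec["user_id"]:
            continue
        foreign_targets[(rec["src_ip"], rec["user_id"])].add(rec["target_user_id"])
    return {
        key: sorted(targets)
        for key, targets in foreign_targets.items()
        if len(targets) >= threshold
    }


if __name__ == "__main__":
    for (src_ip, user_id), targets in find_suspicious(SAMPLE_LOGS).items():
        print(f"ALERT src_ip={src_ip} user_id={user_id} foreign_profiles={targets}")
```

The threshold mirrors the "multiple requests ... with different user IDs from same source" indicator: a single foreign lookup may be a legitimate collaboration check, whereas a low-privileged account enumerating several colleagues' profiles from one address is the access pattern this CVE enables and the one worth alerting on.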