CVE-2025-64424

8.8 HIGH

📋 TL;DR

A command injection vulnerability in Coolify allows low-privileged users (members) to execute arbitrary system commands as root on the Coolify instance. This occurs through git source input fields in resources, potentially leading to complete system compromise. All Coolify instances up to version v4.0.0-beta.434 are affected.

💻 Affected Systems

Products:
  • Coolify
Versions: All versions up to and including v4.0.0-beta.434
Operating Systems: Linux, Docker containers
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user with at least 'member' role. Git source input fields in resources are the attack vector.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with root privileges, data exfiltration, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case

Unauthorized command execution leading to data theft, service disruption, or cryptocurrency mining.

🟢 If Mitigated

Limited impact with proper network segmentation, minimal user privileges, and input validation controls.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly accessible to attackers who can create low-privileged accounts.
🏢 Internal Only: HIGH - Internal users with member access can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with member role. Public advisory includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/coollabsio/coolify/security/advisories/GHSA-qx24-jhwj-8w6x

Restart Required: Yes

Instructions:

Monitor the official Coolify repository for a patch release. When it is available, update to the patched version following the standard upgrade procedure.

🔧 Temporary Workarounds

Restrict User Privileges (applies to: all)

Temporarily remove the 'member' role from all users, granting only 'viewer' or 'owner' roles as needed.

Disable Git Source Input (applies to: all)

Temporarily disable or restrict access to git source input fields in resource configuration.

🧯 If You Can't Patch

  • Isolate Coolify instance in separate network segment with strict firewall rules
  • Implement comprehensive monitoring and alerting for suspicious command execution patterns

🔍 How to Verify

Check if Vulnerable:

Check the Coolify version via the web interface or by running 'coolify --version' in the container. If the version is v4.0.0-beta.434 or earlier, the system is vulnerable.

Check Version:

coolify --version

Verify Fix Applied:

After applying the official patch, verify that the version is newer than v4.0.0-beta.434 and test the git source input fields for command injection.
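The version check above is easy to get wrong by hand because Coolify's beta builds carry a numeric suffix ("-beta.434") that a plain string comparison mis-orders. The following Python helper, added here as an example and not part of the advisory or of Coolify itself, parses a version string (or the raw output of `coolify --version`) and reports whether it falls at or below the last affected build stated on this page. It assumes Coolify's version strings follow the `vX.Y.Z` or `vX.Y.Z-beta.N` pattern and that a non-beta release sorts above every beta of the same X.Y.Z; both are assumptions, not facts taken from the advisory.

```python
import re
from typing import Optional, Tuple

# Highest affected version as stated in the advisory summary on this page.
LAST_AFFECTED = "v4.0.0-beta.434"

# Assumed Coolify version format: optional 'v', X.Y.Z, optional '-beta.N'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-beta\.(\d+))?$")

# Sentinel so that a final release (no beta suffix) sorts above every beta
# of the same X.Y.Z (assumption about Coolify's release ordering).
_RELEASE_SENTINEL = 10**9


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn 'v4.0.0-beta.434' into a tuple that compares numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Coolify version string: {version!r}")
    major, minor, patch, beta = m.groups()
    beta_n = int(beta) if beta is not None else _RELEASE_SENTINEL
    return (int(major), int(minor), int(patch), beta_n)


def is_affected(version: str) -> bool:
    """True when the version is at or below the last affected build."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def check_version_output(output: str) -> Optional[bool]:
    """Find a version token in raw CLI/UI output and classify it.

    Returns True (affected), False (not affected) or None when no
    version-looking token is present in the text.
    """
    m = re.search(r"v?\d+\.\d+\.\d+(?:-beta\.\d+)?", output)
    if not m:
        return None
    return is_affected(m.group(0))


if __name__ == "__main__":
    # Constructed sample output; replace with the real `coolify --version` text.
    sample = "Coolify version v4.0.0-beta.434\n"
    verdict = check_version_output(sample)
    print("affected" if verdict else "not affected" if verdict is False else "unknown")
```

Because the patch version is listed as unknown on this page, the helper only answers "at or below beta.434"; once a fixed release is published, compare against that version instead.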

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Suspicious git operations from Coolify processes
  • Unexpected root privilege escalation

Network Indicators:

  • Outbound connections from Coolify to unexpected destinations
  • Command and control traffic patterns

SIEM Query:

source="coolify" AND (process="bash" OR process="sh" OR cmdline="*;*" OR cmdline="*|*")
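The SIEM query above will fire on any shell spawned by Coolify and on any command line containing `;` or `|`, which includes legitimate deployment steps, so it is best treated as a hunting query rather than an alert. The Python below is an added example, not part of the advisory or of Coolify: it replays the query's logic over a handful of constructed key=value log events (not real Coolify logs; the hostnames are placeholders) and, alongside it, a tighter variant that only flags command lines in which a `git` invocation is combined with a shell metacharacter, which is closer to the attack vector this page describes. The event format and the metacharacter list are assumptions.

```python
import re
from typing import Callable, Dict, List

# Constructed sample events in a simple key="value" format (not real logs).
SAMPLE_EVENTS = [
    'source="coolify" process="php" cmdline="php artisan queue:work"',
    'source="coolify" process="bash" cmdline="bash -c \'git clone https://example.invalid/app.git\'"',
    'source="coolify" process="sh" cmdline="sh -c \'git ls-remote https://example.invalid/app.git; id\'"',
    'source="nginx" process="sh" cmdline="sh -c \'cat access.log | wc -l\'"',
    'source="coolify" process="git" cmdline="git ls-remote https://example.invalid/app.git"',
]

# key="value" pairs; values may not contain an unescaped double quote.
_KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Shell metacharacters that let a single argument become several commands
# (assumed list; the page's query only looks at ';' and '|').
_SHELL_METACHARS = (";", "|", "&", "`", "$(")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key="value" log line into a dict."""
    return {k: v for k, v in _KV_RE.findall(line)}


def matches_siem_rule(event: Dict[str, str]) -> bool:
    """Same logic as the page's SIEM query:
    source="coolify" AND (process in {bash, sh} OR cmdline has ';' or '|')."""
    if event.get("source") != "coolify":
        return False
    process = event.get("process", "")
    cmdline = event.get("cmdline", "")
    return process in ("bash", "sh") or ";" in cmdline or "|" in cmdline


def matches_tightened_rule(event: Dict[str, str]) -> bool:
    """Narrower heuristic: a Coolify-originated git command line that also
    carries a shell metacharacter. Plain git clones/ls-remotes do not fire."""
    if event.get("source") != "coolify":
        return False
    cmdline = event.get("cmdline", "")
    return "git " in cmdline and any(m in cmdline for m in _SHELL_METACHARS)


def run_rule(lines: List[str], rule: Callable[[Dict[str, str]], bool]) -> List[Dict[str, str]]:
    """Apply a rule to raw log lines and return the matching parsed events."""
    return [e for e in map(parse_event, lines) if rule(e)]


if __name__ == "__main__":
    for name, rule in (("siem", matches_siem_rule), ("tightened", matches_tightened_rule)):
        hits = run_rule(SAMPLE_EVENTS, rule)
        print(f"{name}: {len(hits)} hit(s)")
        for h in hits:
            print("  ", h["cmdline"])
```

On the constructed sample the page's query matches both the benign `bash -c 'git clone ...'` deploy step and the injected `git ls-remote ...; id` line, while the tightened rule matches only the latter; tune the metacharacter list and the `source` field name to your own log schema before relying on either.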
