CVE-2025-66213

💻 Affected Systems

📦 What is this software?

⚠️ Risk & Real-World Impact

🎯 Exploit Status

Exploitation requires authenticated access but is straightforward once authentication is obtained. Public proof-of-concept code is available in the referenced GitHub repository.

🔍 How to Verify

Check if your Coolify version is below 4.0.0-beta.451. Review logs for suspicious file_storage_directory_source parameter values containing shell metacharacters.

coolify --version or check the Coolify web interface admin panel

Confirm Coolify version is 4.0.0-beta.451 or later. Test the file storage directory functionality with malicious input to ensure it's properly sanitized.

📡 Detection & Monitoring

process.name:coolify AND (command_line:*file_storage_directory* AND command_line:*[;&|`$]* )

🔗 References

• https://github.com/0xrakan/coolify-cve-2025-66209-66213 Exploit,Third Party Advisory
• https://github.com/coollabsio/coolify/pull/7375 Issue Tracking,Patch
• https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.451 Release Notes
• https://github.com/coollabsio/coolify/security/advisories/GHSA-cj2c-9jx8-j427