Vulnerabilities ›

CVE-2025-64419

Critical ⚡ Exploit Available

Critical Command Injection in Coolify Docker Compose Allows Root Access

CWE-77 — Weakness Type

                    Published: Jan 5, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

9.6

🔗 NVD Official

📄 Description (English)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pack "docker compose"), the attacker can execute commands on the Coolify instance as root. Version 4.0.0-beta.445 fixes the issue.

🤖 AI Executive Summary

Coolify versions before 4.0.0-beta.445 suffer from command injection vulnerability in docker-compose.yaml parameter handling, allowing attackers to execute arbitrary commands as root. Organizations using Coolify for infrastructure management must immediately upgrade to patch this critical vulnerability.

📄 Description (Arabic)

يحتوي Coolify على ثغرة حقن أوامر حرجة في معالجة معاملات docker-compose.yaml التي لم يتم تعقيمها بشكل صحيح. يمكن لمهاجم إنشاء مستودع ضار يحتوي على ملف docker-compose.yaml مصمم بشكل خاص لتنفيذ أوامر تعسفية بصلاحيات root عند استخدام حزمة البناء. هذا يسمح بالتحكم الكامل في مثيل Coolify والبنية التحتية المرتبطة به.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Apr 12, 2026 15:34

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government telecom energy banking

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1543

⚖️ Saudi Risk Score (AI)

10.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade Coolify to version 4.0.0-beta.445 or later. Restrict access to Coolify instances to trusted users only. Implement network segmentation to limit lateral movement if compromise occurs. Review docker-compose.yaml files from untrusted sources before deployment. Monitor Coolify logs for suspicious command execution patterns.

🔧 خطوات المعالجة (العربية)

قم بترقية Coolify فوراً إلى الإصدار 4.0.0-beta.445 أو أحدث. قيد الوصول إلى مثيلات Coolify للمستخدمين الموثوقين فقط. طبق تقسيم الشبكة لتحديد الحركة الجانبية في حالة الاختراق. راجع ملفات docker-compose.yaml من المصادر غير الموثوقة قبل النشر. راقب سجلات Coolify للأنماط المريبة في تنفيذ الأوامر.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1 A.12.2.1 A.12.6.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.6.1.1 A.12.2.1 A.12.6.1 A.14.2.1

🔗 References & Sources 2

🔗

https://github.com/coollabsio/coolify/commit/f86ccfaa9af572a5487da8ea46b0a125a4854cf6

security-advisories@github.com

Patch

🔗

https://github.com/coollabsio/coolify/security/advisories/GHSA-234r-xrrg-m8f3

security-advisories@github.com

Exploit Vendor Advisory

📦 Affected Products / CPE 50 entries

coollabs:coolify

coollabs:coolify:4.0.0

📊 CVSS Score

9.6

/ 10.0 — Critical

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Critical

CVSS Score9.6

CWECWE-77

EPSS0.09%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-01-05

Source Feed nvd

🇸🇦 Saudi Risk Score

10.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available patch-available CWE-77

🏢 Vendor Advisories

🔗 https://github.com/coollabsio/coolify/security/advis...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-64419

Join CISO Consulting

Introduce Yourself

Sign In Required