CVE-2025-34159

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.6

Description: Coolify is susceptible to a remote code execution issue within the application deployment workflow. Authenticated users with low-level member privileges can inject arbitrary Docker Compose directives during project creation. An attacker can achieve full root access to the underlying server by crafting a malicious service definition that mounts the host root filesystem.

Recommendations: Update Coolify to version 4.0.0-beta.420.6 or later.