CVE-2025-34161

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.7

Description: Coolify is vulnerable to a remote code execution issue in the project deployment workflow. Authenticated users with low-level member privileges can inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, potentially leading to full server compromise.

Recommendations: Update Coolify to version 4.0.0-beta.420.7 or later.