PT-2025-52851 · Coolify · Coolify

Andrasbacsai · Published 2025-12-23 · Updated 2026-01-12 · CVE-2025-66209

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.451

Description: Coolify is a self-hostable tool for managing servers, applications, and databases. A command injection issue exists in the Database Backup functionality for authenticated users with application/service management permissions. Database names used in backup operations are passed to shell commands without proper sanitization, potentially allowing execution of arbitrary commands as root on managed servers.

Recommendations: Update to version 4.0.0-beta.451 or later.
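The weakness class described above is a database name flowing into a shell command string. The following is an added illustration written for this page, not Coolify's own code (Coolify is a PHP project; the pattern is shown here in Python). It assumes a pg_dump-style backup command and a /backups output directory, both chosen for the example, and uses an allowlist pattern for database identifiers that is also an assumption. It contrasts the unsafe string-interpolation builder with one that validates the name and hands the command to the OS as an argument vector, so no shell ever parses the name.

```python
import re
import shlex
import subprocess

# Allowlist for database identifiers (assumption for this example: names are
# limited to letters, digits, underscore and hyphen, at most 63 characters).
DB_NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_-]{0,62}$")


def vulnerable_backup_command(db_name: str) -> str:
    """Unsafe pattern: the name is interpolated into a shell command string.
    Any character the shell treats specially in db_name becomes part of the
    command line, which is the bug class the advisory describes."""
    return f"pg_dump --format=custom --file=/backups/{db_name}.dump {db_name}"


def is_valid_db_name(db_name: str) -> bool:
    """True only if the name matches the allowlist; everything else is refused."""
    return DB_NAME_RE.fullmatch(db_name) is not None


def validate_db_name(db_name: str) -> str:
    if not is_valid_db_name(db_name):
        raise ValueError(f"refusing backup: invalid database name {db_name!r}")
    return db_name


def safe_backup_argv(db_name: str) -> list[str]:
    """Hardened pattern: validate first, then build an argv list so the name is
    passed to pg_dump as a single argument and never parsed by a shell."""
    name = validate_db_name(db_name)
    return ["pg_dump", "--format=custom", f"--file=/backups/{name}.dump", name]


def safe_backup_shell_line(db_name: str) -> str:
    """If a single command string is unavoidable (e.g. the command is relayed
    to a managed host over ssh), quote every operand with shlex.quote after the
    same validation, so metacharacters can never reach the remote shell."""
    return " ".join(shlex.quote(arg) for arg in safe_backup_argv(db_name))


def run_backup(db_name: str) -> int:
    """Execute without a shell and return pg_dump's exit status. Not exercised
    by the checks for this example, since pg_dump is not assumed to be installed."""
    return subprocess.run(safe_backup_argv(db_name), shell=False, check=False).returncode


if __name__ == "__main__":
    # Constructed sample names: one legitimate, one carrying a shell separator.
    for sample in ("prod_db", "prod_db; id"):
        print("unsafe :", vulnerable_backup_command(sample))
        print("valid? :", is_valid_db_name(sample))
```

The allowlist rejects the tainted name outright, and the argv form means that even a name which slipped past validation would be delivered to pg_dump as data rather than interpreted by a shell. Reviewing a codebase for this class, the things to look for are string concatenation into `exec`/`shell_exec`/`subprocess.run(..., shell=True)`-style calls and the absence of both an allowlist check and per-argument quoting.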

Tags: Exploit · Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2025-66209, GHSA-VM5P-43QH-7PMQ

Affected Products: Coolify