CVE-2025-59156

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.420.7

Description Coolify is a self-hostable tool for managing servers, applications, and databases. A Remote Code Execution (RCE) issue exists in the application deployment workflow. A low-privileged member can inject arbitrary Docker Compose directives during project creation or updates. By defining a malicious service that mounts the host filesystem, an attacker can achieve root-level command execution on the host OS, bypassing container isolation.

Recommendations Update to version 4.0.0-beta.420.7 or later.