PT-2026-1313 · Coolify · Coolify

Published: 2026-01-05 · Updated: 2026-01-12 · CVE-2025-59157

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.420.7

Description: Coolify is a self-hostable tool for managing servers, applications, and databases. Versions of Coolify before 4.0.0-beta.420.7 contain a command injection flaw in the Git Repository field during project creation. Because user-supplied input for this field is not sufficiently sanitized, an attacker can inject shell commands that are executed on the server during the deployment process. A regular member user can exploit this issue.

Recommendations: Update to version 4.0.0-beta.420.7 or later.

Weakness Enumeration: OS Command Injection

Related Identifiers:
CVE-2025-59157
GHSA-5CG9-38QJ-8MC3

Affected Products: Coolify