Unrated severityNVD Advisory· Published Aug 27, 2025· Updated Nov 19, 2025

Coolify Git Repository Field Command Injection in Project Deployment Workflow

CVE-2025-34161

Description

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise.

Affected products

Coollabsio/Coolifyllm-fuzzy
Range: <4.0.0-beta.420.7
coolLabs Technologies/Coolifyv5
Range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.420.7mitrevendor-advisorypatch
coolify.iomitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000