CVE-2025-53374 in dokploy

Summary

by MITRE • 07/07/2025

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about other users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in v0.23.7.


Analysis

by VulDB Data Team • 09/29/2025

This vulnerability resides within Dokploy, a self-hostable platform as a service designed to streamline application and database deployment management. The flaw represents a critical authorization bypass issue that allows low-privileged authenticated users to access sensitive user profile data belonging to other members within the same organizational context. The vulnerability manifests through direct API invocation of the user.one endpoint, which improperly validates user permissions and fails to enforce proper access controls between users sharing the same organization.

The root cause is inadequate input validation and insufficient access control within the application's user management subsystem. When an authenticated user requests the user.one endpoint, the system does not verify that the requesting user is authorized to read the target user's profile. This is a classic authorization flaw in the CWE-285 category (improper authorization), manifesting as a missing access control check. The result is information disclosure: e-mail addresses, user roles, two-factor authentication status, organization identifiers, and various account-specific flags are exposed to any member of the organization.

The operational impact of this vulnerability extends beyond simple data exposure, creating significant security implications for organizations utilizing Dokploy's platform. Attackers with low-privileged accounts can leverage this flaw to gather intelligence about other users within their organization, potentially enabling social engineering attacks, account takeover attempts, or further privilege escalation. The exposure of two-factor authentication status particularly increases the risk surface, as it reveals which users have additional security protections enabled. This vulnerability directly impacts the principle of least privilege and violates fundamental security concepts around data segregation and user privacy protection.

Security professionals should implement immediate mitigations while awaiting the official v0.23.7 release that will address this issue. Organizations should review and strengthen their access control policies within Dokploy installations, ensuring that proper user role validation occurs before any profile data access requests are processed. The fix should incorporate comprehensive input validation and enforce strict authorization checks that verify the requesting user's relationship to the target user before allowing profile information retrieval. This vulnerability aligns with several ATT&CK tactics including credential access and discovery, as it enables adversaries to gather user credentials and system information that could facilitate further compromise of the platform and its underlying infrastructure.
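The following TypeScript is an added illustration, not Dokploy's code, modelling the missing check described in the analysis above beside the ownership rule the fix paragraph calls for. The data model, role names, field names and function names are assumptions.

```typescript
// Added illustration (not Dokploy's code) of a user.one-style lookup with and
// without an authorization check. All names and fields below are assumptions.
type Role = "owner" | "admin" | "member";

interface User {
  id: string;
  organizationId: string;
  email: string;
  role: Role;
  twoFactorEnabled: boolean;
}

// Constructed sample data standing in for the users table.
const users: User[] = [
  { id: "u1", organizationId: "org-1", email: "owner@example.test", role: "owner", twoFactorEnabled: true },
  { id: "u2", organizationId: "org-1", email: "member@example.test", role: "member", twoFactorEnabled: false },
  { id: "u3", organizationId: "org-2", email: "other@example.test", role: "member", twoFactorEnabled: true },
];

const findUser = (id: string): User | undefined => users.find((u) => u.id === id);

// Weak handler: only checks that the caller is authenticated and shares an
// organization with the target. Any member can therefore read another member's
// e-mail, role and 2FA status (CWE-285, improper authorization).
function userOneWeak(callerId: string, targetId: string): User | null {
  const caller = findUser(callerId);
  const target = findUser(targetId);
  if (!caller || !target) return null;
  if (caller.organizationId !== target.organizationId) return null;
  return target;
}

// Hardened handler: same-organization check plus an ownership/privilege rule.
// Non-privileged users may only read their own record; organization owners and
// admins may read others. Cross-organization lookups are reported as NOT_FOUND
// so the endpoint does not confirm whether a foreign user id exists.
function userOneHardened(callerId: string, targetId: string): User {
  const caller = findUser(callerId);
  const target = findUser(targetId);
  if (!caller || !target || caller.organizationId !== target.organizationId) {
    throw new Error("NOT_FOUND");
  }
  const isSelf = caller.id === target.id;
  const isPrivileged = caller.role === "owner" || caller.role === "admin";
  if (!isSelf && !isPrivileged) throw new Error("FORBIDDEN");
  return target;
}
```

A detection-side counterpart is to log every user.one call where the caller id differs from the target id and the caller is not an owner or admin; on a patched instance such calls should always be denied.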

Responsible: GitHub M

Reservation: 06/27/2025

Disclosure: 07/07/2025

Moderation: accepted

CPE: ready

EPSS: 0.00202

KEV: no

Activities: very low
