CVE-2025-66210 in coolify
Summary
by MITRE • 12/24/2025
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers. Database names used in import operations are passed directly to shell commands without sanitization, enabling full remote code execution. Version 4.0.0-beta.451 fixes the issue.
Analysis
by VulDB Data Team • 01/07/2026
The vulnerability identified as CVE-2025-66210 affects Coolify, an open-source, self-hostable platform for managing servers, applications, and databases. The flaw is an authenticated command injection in the Database Import functionality: every release prior to 4.0.0-beta.451 is affected, and it can be triggered by any authenticated user who holds application or service management permissions. It stems from missing input validation and sanitization in the import process, which lets user-controlled data reach a shell command; because Coolify executes its commands on managed servers as root, the result is root-level code execution on those hosts.
Technically, the database name supplied for an import operation is interpolated directly into a shell command string without sanitization, quoting, or parameterization. An authenticated attacker can therefore embed shell metacharacters in the name (a command separator followed by a command of their choosing, for example), and the injected command runs in the shell that executes the import, with root privileges. This is a textbook command injection: user-supplied input flows unchecked into a system command, and the application-level permission check on the import feature is the only control in the path. Without validation of the name, the import process becomes a way to execute arbitrary system commands and compromise the host.
The impact goes well beyond a single unauthorized command, because execution occurs as root. An attacker with database import permissions gains full control of the managed servers, enabling data exfiltration, modification of the system and the workloads it hosts, service disruption, and lateral movement into the surrounding network. The severity is amplified by the low privilege required: application or service management permissions are commonly granted to developers and operators who are not meant to have root access, so the flaw turns limited application-level access into root control of critical infrastructure.
The weakness is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command, "Command Injection") and CWE-94 (Improper Control of Generation of Code, "Code Injection"); the root cause is the missing input validation on the database name. In MITRE ATT&CK terms, exploitation is Execution via Command and Scripting Interpreter (T1059); it also constitutes a privilege escalation from a Coolify application user to root on the managed server, from which persistence is trivial to establish. The attack surface is especially concerning because Coolify exists to manage servers, so the compromised hosts are production infrastructure. Organizations using the platform face significant exposure, particularly where multiple users have access to the database import feature.
Organizations should upgrade to 4.0.0-beta.451 or later immediately. Until then, and as defense in depth afterwards, restrict database import rights to the smallest set of users who need them, following the principle of least privilege, and review who currently holds application and service management permissions. Monitor the managed servers for commands executed through Coolify's SSH session that do not match the expected import invocation, and segment the network so that a compromised managed host cannot reach unrelated systems. Audit other places where Coolify passes user-controlled values into shell commands, and include command injection in regular security reviews and penetration tests. The fix in the patched version addresses the sanitization gap by validating and escaping database names before they are placed in shell commands, so a name containing shell metacharacters can no longer alter the command that runs.
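The following is an added example, not Coolify's own code (Coolify is a Laravel/PHP application and its real import command runs over SSH on the managed server as root; none of that is reproduced here). It illustrates both the flaw class described in the analysis above and the two layers a fix needs: the vulnerable pattern splices the name into a shell string, the quoted variant neutralizes metacharacters, and the hardened builder adds an allowlist so a name that would need escaping is rejected outright. The function names, the `mysql -D <db> < <dump>` invocation, the `echo` stand-in command, and the sample names are all assumptions made for the demonstration.

```python
import re
import shlex
import subprocess

# Constructed sample inputs (not taken from the advisory): a legitimate
# database name and a hostile one of the shape a command-injection payload
# takes. The hostile one uses `echo` so the demonstration is harmless.
BENIGN_NAME = "app_production"
HOSTILE_NAME = "app; echo INJECTED"


def run_import_vulnerable(db_name: str) -> str:
    """Flaw class from the advisory: the name is spliced into a shell string.

    `echo` stands in for the database client so the effect of the injected
    text is visible; the real command (run as root over SSH) is not modelled.
    """
    cmd = f"echo importing into {db_name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_import_quoted(db_name: str) -> str:
    """Layer 1: quote the value so the shell treats it as one literal word."""
    cmd = f"echo importing into {shlex.quote(db_name)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Layer 2: an allowlist. Deliberately stricter than what MySQL or PostgreSQL
# accept as an identifier: a name that would need escaping is rejected rather
# than escaped, because it also ends up inside SQL and CLI arguments.
_DB_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")


def is_valid_db_name(db_name: str) -> bool:
    return _DB_NAME_RE.fullmatch(db_name) is not None


def build_import_command(db_name: str, dump_path: str) -> str:
    """Command string safe to hand to a shell, locally or at the far end of SSH.

    Both layers are applied: the name must pass the allowlist, and every
    user-influenced value is quoted. `ssh host 'cmd'` re-parses the string
    with the remote shell, so quoting must be applied to the string that
    crosses the wire, which is exactly what shlex.quote produces.
    The `mysql -D <db> < <dump>` invocation is hypothetical.
    """
    if not is_valid_db_name(db_name):
        raise ValueError(f"rejected database name: {db_name!r}")
    return f"mysql -D {shlex.quote(db_name)} < {shlex.quote(dump_path)}"


if __name__ == "__main__":
    print("vulnerable:", repr(run_import_vulnerable(HOSTILE_NAME)))
    print("quoted:    ", repr(run_import_quoted(HOSTILE_NAME)))
    print("valid?     ", is_valid_db_name(HOSTILE_NAME), is_valid_db_name(BENIGN_NAME))
    print("command:   ", build_import_command(BENIGN_NAME, "/tmp/backup.sql"))
```

Running the script shows the hostile name producing a second line, `INJECTED`, from the vulnerable variant, while the quoted variant echoes the whole name as a single argument and the allowlist rejects it before any command is built. Quoting alone is enough to stop the shell from reinterpreting the value, but the allowlist is what keeps odd names out of the SQL and client arguments that follow, and it makes the reject path easy to log and alert on.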