CVE-2025-34157
BaseFortify

Publication date: 2025-08-27

Last updated on: 2025-09-19

Assigner: VulnCheck

Description
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to delete the project or its associated resource, the payload executes in the admin’s browser context. This results in full compromise of the Coolify instance, including theft of API tokens, session cookies, and access to WebSocket-based terminal sessions on managed servers.
Meta Information
Published: 2025-08-27
Last Modified: 2025-09-19
Generated: 2026-05-27
AI Q&A: 2025-08-27
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 408 associated CPEs
Vendor    Product   Version / Range
coollabs  coolify   up to 4.0.0 (excluding 4.0.0)
coollabs  coolify   4.0.0
(the remaining 406 CPE rows render identically as "coollabs coolify 4.0.0" and are not repeated here)
Exploitability
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stored cross-site scripting (XSS) attack in Coolify versions prior to v4.0.0-beta.420.6. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator tries to delete the project or its associated resource, the malicious script executes in the admin's browser context, leading to a full compromise of the Coolify instance.

How can this vulnerability impact me?

The vulnerability can lead to a full compromise of the Coolify instance. This includes theft of API tokens, session cookies, and access to WebSocket-based terminal sessions on managed servers, potentially allowing attackers to control deployments, access sensitive data, and manage servers remotely.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves identifying projects with maliciously crafted names containing embedded JavaScript in Coolify instances prior to v4.0.0-beta.420.6. Since the vulnerability triggers when an administrator interacts with such projects, inspecting project names for suspicious script tags or JavaScript payloads is key. Commands or queries to list projects and their names via Coolify's API or database can help. For example, querying the project list via the Coolify API or directly inspecting the database entries for project names containing <script> tags or suspicious JavaScript code can indicate exploitation attempts or vulnerable projects. Specific commands depend on your deployment but might include API calls or database queries filtering project names for script tags.
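The detection answer above suggests listing project names and filtering them for script tags. The following Python script is an added example written for this page; it is not code from BaseFortify or from the Coolify project. It assumes the project list has already been exported (via the Coolify API or a database query) into a JSON array of records with `id`, `name` and `created_by` fields; those field names are an assumption about the export, not Coolify's schema. It decodes HTML entities and percent-encoding before matching so that encoded variants of a payload are not missed, and it flags names containing tag-like markup, inline event-handler attributes or `javascript:` URLs, which are the patterns an administrator would want to review before touching a project while the instance is still unpatched.

```python
import html
import json
import re
import sys
from urllib.parse import unquote

# Constructed sample records, shaped like a JSON export of the project list.
# The field names (id, name, created_by) are an assumption about your export.
SAMPLE_PROJECTS = [
    {"id": 1, "name": "billing-service", "created_by": "alice"},
    {"id": 2, "name": "staging <script>1</script>", "created_by": "mallory"},
    {"id": 3, "name": "demo &lt;img src=x onerror=1&gt;", "created_by": "mallory"},
    {"id": 4, "name": "ratio < 100 check", "created_by": "bob"},
    {"id": 5, "name": "%3Csvg%20onload%3D1%3E", "created_by": "mallory"},
]

# Indicators that a project name would be interpreted as markup or script if a
# template rendered it without escaping. Order matters only for report output.
SUSPICIOUS = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("html-tag", re.compile(r"<\s*[a-z][a-z0-9-]*[\s/>]", re.I)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("js-url", re.compile(r"javascript\s*:", re.I)),
]


def normalize(name: str) -> str:
    """Undo percent-encoding and HTML entities (two rounds, to catch double encoding)."""
    decoded = name
    for _ in range(2):
        decoded = html.unescape(unquote(decoded))
    return decoded


def scan_projects(projects):
    """Return the records whose (decoded) name matches any indicator, with the labels hit."""
    findings = []
    for project in projects:
        decoded = normalize(str(project.get("name", "")))
        hits = [label for label, pattern in SUSPICIOUS if pattern.search(decoded)]
        if hits:
            findings.append(
                {
                    "id": project.get("id"),
                    "created_by": project.get("created_by"),
                    "name": project.get("name"),
                    "decoded": decoded,
                    "indicators": hits,
                }
            )
    return findings


def load_projects(path: str):
    """Load a JSON array of project records from an export file."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: python scan_project_names.py [export.json]; without a file the
    # constructed sample above is scanned.
    records = load_projects(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PROJECTS
    for finding in scan_projects(records):
        print(
            f"project {finding['id']} (created_by={finding['created_by']}): "
            f"{', '.join(finding['indicators'])} -> {finding['name']!r}"
        )
```

The benign `ratio < 100 check` name is not flagged because the tag pattern requires a letter after `<`; a name such as `a<b test` would be flagged, which is the right call, since a browser would parse `<b ` as a tag. Treat each finding as a lead to review, together with the `created_by` value, rather than as proof of exploitation.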

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Coolify to version v4.0.0-beta.420.6 or later, where the vulnerability is fixed. Additionally, restrict project creation permissions to trusted users only, and audit existing projects for malicious names containing embedded JavaScript. Avoid deleting projects with suspicious names until the system is patched, as deletion triggers the payload execution. Implement monitoring for unusual administrator browser activity and consider isolating administrator sessions until the patch is applied.
