Vulnerability in Coollabsio Coolify

CVE-2025-59158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creat…

EPSS: 0.000 (15.1th percentile) — read the EPSS interpretation.

Affected products

Coollabsio Coolify — versions < 4.0.0-beta.420.7

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

References

https://github.com/coollabsio/coolify/security/advisories/GHSA-h52r-jxv9-9vhf (x_refsource_CONFIRM)