RCE in Coollabsio Coolify

CVE-2025-66211

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (65.6th percentile)
