
CVE-2025-34159: CWE-94 Improper Control of Generation of Code ('Code Injection') in coolLabs Technologies Coolify

Critical
Vulnerability. Tags: cve-2025-34159, cwe-94, cwe-20
Published: Wed Aug 27 2025 (08/27/2025, 16:47:54 UTC)
Source: CVE Database V5
Vendor/Project: coolLabs Technologies
Product: Coolify

Description

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server.

AI-Powered Analysis

AI analysis last updated: 08/27/2025, 17:18:14 UTC

Technical Analysis

CVE-2025-34159 is a critical remote code execution (RCE) vulnerability affecting Coolify, an application deployment platform developed by coolLabs Technologies. The vulnerability exists in versions prior to v4.0.0-beta.420.6 and stems from improper control over code generation, specifically CWE-94 (Improper Control of Generation of Code). The flaw allows authenticated users with low-level member privileges to inject arbitrary Docker Compose directives during the project creation workflow. By exploiting this, an attacker can craft a malicious service definition that mounts the host's root filesystem inside a container. This effectively grants the attacker full root access to the underlying server hosting the Coolify platform. The vulnerability requires no user interaction beyond authentication and leverages the platform's insufficient validation of Docker Compose configurations. The CVSS 4.0 base score is 9.4 (critical), reflecting the network attack vector, low attack complexity, no required privileges beyond low-level membership, no user interaction, and a high impact on confidentiality, integrity, and availability. Although no public exploits are currently known, the severity and ease of exploitation make this a significant threat. The vulnerability also involves CWE-20 (Improper Input Validation), indicating that the root cause is inadequate sanitization of user-supplied inputs in the deployment workflow. This vulnerability could allow attackers to fully compromise the server, potentially leading to data theft, service disruption, lateral movement within networks, and further compromise of connected systems.

Potential Impact

For European organizations using Coolify for application deployment, this vulnerability poses a severe risk. Successful exploitation can lead to complete server compromise, enabling attackers to access sensitive data, modify or delete applications, disrupt services, and potentially pivot to other internal systems. Given the critical nature of the flaw, organizations relying on Coolify for production workloads could face operational downtime, reputational damage, and regulatory consequences under GDPR if personal data is exposed. The ability for low-privilege authenticated users to escalate privileges to root undermines internal security controls and increases insider threat risks. Additionally, the attack vector being network accessible means that any exposed Coolify instances are at risk. The lack of known exploits in the wild currently provides a window for mitigation, but the critical severity demands immediate action. European sectors with high reliance on containerized deployments and DevOps automation, such as finance, healthcare, and critical infrastructure, are particularly vulnerable to the cascading effects of such a compromise.

Mitigation Recommendations

1. Immediately upgrade to Coolify version v4.0.0-beta.420.6 or later, where the vulnerability is patched. If an upgrade is not immediately possible, restrict access to the Coolify deployment interface to trusted internal networks only.
2. Implement strict role-based access controls (RBAC) to limit project creation and deployment privileges to trusted users only.
3. Employ network segmentation and firewall rules to isolate Coolify servers from critical infrastructure and sensitive data stores.
4. Monitor deployment workflows and Docker Compose configurations for anomalous or unauthorized changes, using automated detection tools where possible.
5. Conduct regular audits of user privileges and deployment activities to detect potential misuse.
6. Use container security best practices, such as running containers with least privilege and avoiding mounting host filesystems unless absolutely necessary.
7. Implement host-based intrusion detection systems (HIDS) and endpoint detection and response (EDR) solutions to detect suspicious activities indicative of exploitation attempts.
8. Educate developers and DevOps teams about the risks of injecting untrusted configurations and enforce input validation in deployment pipelines.
9. Maintain up-to-date backups and incident response plans to recover quickly in case of compromise.
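The compose-level check that mitigation items 4 and 6 call for, as an added example that is not part of this advisory or of Coolify's own code: it walks an already-parsed Compose document (assumed to have been loaded with yaml.safe_load) and flags services that bind-mount the host root or other sensitive host paths, or that run privileged. The deny list, function names and the sample compose document are constructed for this example.

```python
from __future__ import annotations
import os

# Host paths a tenant-supplied compose file must never bind-mount.
# Constructed for this example; not Coolify's own policy.
DENY_HOST_PATHS = ("/", "/etc", "/root", "/proc", "/sys", "/dev", "/var/run/docker.sock")


def host_source(volume) -> str | None:
    """Host-side source of a bind mount, or None for named volumes.
    Short syntax "src:dst[:mode]" is a bind mount when src starts with '/', '.' or '~';
    long syntax is a dict with type: bind."""
    if isinstance(volume, str):
        src = volume.split(":", 1)[0]
        return src if src.startswith(("/", ".", "~")) else None
    if isinstance(volume, dict) and volume.get("type") == "bind":
        return volume.get("source")
    return None


def is_denied_host_path(src: str) -> bool:
    """True if the normalized source is the host root or under a denied path."""
    norm = os.path.normpath(src)  # collapses "/var/lib/../run" -> "/var/run"
    if not norm.startswith("/"):
        return False  # relative sources resolve inside the project directory
    return any(norm == d or (d != "/" and norm.startswith(d + "/")) for d in DENY_HOST_PATHS)


def audit_compose(compose: dict) -> list[str]:
    """One finding per dangerous directive; an empty list means the file passes."""
    findings: list[str] = []
    for name, svc in (compose.get("services") or {}).items():
        svc = svc or {}
        if svc.get("privileged"):
            findings.append(f"{name}: privileged container")
        for volume in svc.get("volumes") or []:
            src = host_source(volume)
            if src is not None and is_denied_host_path(src):
                findings.append(f"{name}: bind mount of host path {os.path.normpath(src)!r}")
    return findings


# Constructed sample: one benign service and one that smuggles in host mounts.
SAMPLE_COMPOSE = {
    "services": {
        "web": {"image": "nginx", "volumes": ["./html:/usr/share/nginx/html", "cache:/var/cache"]},
        "bad": {"image": "alpine", "volumes": ["/:/host",
                {"type": "bind", "source": "/var/lib/../run/docker.sock", "target": "/sock"}]},
    },
}

if __name__ == "__main__":
    print("\n".join(audit_compose(SAMPLE_COMPOSE) or ["no dangerous directives found"]))
```

Run the audit before a compose document reaches the deployment step, and reject the submission on any finding rather than only logging it.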


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.565Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68af3a3bad5a09ad0064220d

Added to database: 8/27/2025, 5:02:51 PM

Last enriched: 8/27/2025, 5:18:14 PM

Last updated: 8/31/2025, 12:34:23 AM

