CVE-2025-34161 is a critical remote code execution (RCE) vulnerability affecting Coolify, a deployment platform developed by coolLabs Technologies. The vulnerability exists in all versions prior to v4.0.0-beta.420.7 and stems from improper input sanitization of the Git Repository field during project creation. Specifically, authenticated users with low-level member privileges can inject arbitrary shell commands by submitting specially crafted repository strings containing command injection syntax. This flaw is categorized under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and CWE-20 (Improper Input Validation). Because the platform executes commands based on the repository input without proper neutralization, an attacker can execute arbitrary commands on the underlying host system. This leads to full server compromise, including potential data theft, service disruption, or pivoting within the network. The vulnerability requires no user interaction beyond authentication with low-level privileges, making exploitation relatively straightforward once access is obtained. The CVSS 4.0 base score of 9.4 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no need for user interaction. No known public exploits have been reported yet, but the severity and ease of exploitation make this a significant threat to any organization using vulnerable versions of Coolify.

For European organizations, the impact of this vulnerability can be severe. Coolify is used for project deployment workflows, often in development and production environments. Exploitation could lead to complete server takeover, allowing attackers to access sensitive data, disrupt services, or use compromised servers as a foothold for further attacks within the corporate network. This could result in intellectual property theft, operational downtime, and damage to reputation. Given the critical nature of the flaw and the low privilege required to exploit it, attackers could leverage compromised user accounts or social engineering to gain initial access and then escalate via this vulnerability. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, face increased regulatory and compliance risks if exploited. Additionally, the potential for lateral movement within networks could expose broader IT infrastructure to compromise, amplifying the threat's impact.

To mitigate this vulnerability, European organizations should immediately upgrade Coolify to version 4.0.0-beta.420.7 or later, where the issue is resolved. If upgrading is not immediately feasible, organizations should restrict access to the Coolify platform to trusted users only and enforce strict authentication and authorization controls, minimizing the number of users with project creation privileges. Implement input validation and sanitization controls at the application level to detect and block suspicious repository strings containing shell metacharacters or command injection patterns. Network segmentation should be employed to isolate deployment servers from critical infrastructure to limit lateral movement in case of compromise. Monitoring and logging of repository creation activities should be enhanced to detect anomalous inputs or behavior indicative of exploitation attempts. Additionally, organizations should conduct regular security assessments and penetration tests focusing on deployment platforms to identify similar injection flaws. Finally, educating developers and administrators about secure coding and deployment practices can help prevent recurrence of such vulnerabilities.