CVE-2025-59157: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coollabsio coolify

Severity: Critical
Tags: Vulnerability, CVE-2025-59157, CWE-78
Published: Mon Jan 05 2026 (01/05/2026, 17:41:29 UTC)
Source: CVE Database V5
Vendor/Project: coollabsio
Product: coolify

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member user can exploit this vulnerability. Version 4.0.0-beta.420.7 contains a patch for the issue.

AI-Powered Analysis

AI analysis last updated: 01/05/2026, 18:07:25 UTC

Technical Analysis

CVE-2025-59157 is an OS command injection vulnerability categorized under CWE-78 affecting the Coolify platform by coollabsio, an open-source, self-hostable tool for managing servers, applications, and databases. The vulnerability arises from improper neutralization of special elements in the Git Repository input field during project creation. Specifically, user-supplied input is not sanitized before being incorporated into shell commands executed during the deployment workflow. This flaw allows an attacker with regular member privileges to inject arbitrary shell commands that execute with the permissions of the Coolify server process. The vulnerability affects all versions prior to 4.0.0-beta.420.7, which contains a patch that properly sanitizes input to prevent command injection. The CVSS v3.1 base score is 10.0, reflecting the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), a requirement for only low privileges (PR:L) and no user interaction (UI:N), a changed scope (S:C), and high impact on confidentiality (C:H), integrity (I:H), and availability (A:H). Exploitation can lead to full system compromise, data theft, service disruption, and lateral movement within the network. No public exploits have been reported yet, but the vulnerability's nature and severity make it a prime target for attackers once disclosed.

Potential Impact

For European organizations, the impact of CVE-2025-59157 can be severe. Coolify is used to manage critical infrastructure components such as servers, applications, and databases; thus, exploitation can lead to unauthorized access to sensitive data, disruption of business-critical services, and potential lateral movement within internal networks. Confidentiality breaches could expose personal data protected under GDPR, leading to regulatory penalties and reputational damage. Integrity violations could corrupt application deployments or database contents, affecting operational reliability. Availability impacts could cause downtime of essential services, harming business continuity. Organizations using vulnerable versions of Coolify in production environments are at high risk, especially those in sectors like finance, healthcare, and government where data sensitivity and service availability are paramount. The ability for a regular member user to exploit this vulnerability increases the threat surface, as insider threats or compromised accounts could be leveraged without elevated privileges or user interaction.

Mitigation Recommendations

To mitigate CVE-2025-59157, European organizations should immediately upgrade all Coolify instances to version 4.0.0-beta.420.7 or later, where the vulnerability is patched. In addition, implement strict access controls and monitoring on Coolify user accounts, limiting membership privileges to trusted personnel only. Employ network segmentation to isolate Coolify servers from critical infrastructure to reduce lateral movement risk. Enable detailed logging and alerting on deployment workflows to detect anomalous command executions. Conduct regular audits of Coolify configurations and user activities. Where possible, deploy Coolify instances within hardened containers or virtual machines with minimal host permissions to contain potential exploitation impact. Educate users about the risks of injecting untrusted input in deployment configurations. Finally, maintain an incident response plan tailored to handle potential command injection attacks and system compromises.
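The root cause described above is a repository value reaching a shell command as text, and the mitigation section asks for both safer handling of that value and a way to review existing configurations. The following is an added illustration, not Coolify's own code (Coolify is a PHP/Laravel project; this is a language-agnostic pattern written in Python). The field name `git_repository`, the clone helper and the sample records are assumptions constructed for the example. It shows the two controls a defender would want: an allowlist validator for the repository reference, and an argv-based invocation of `git` with `shell=False` so no shell ever parses the value. A small audit routine reuses the validator to flag stored project records that would not pass it.

```python
"""Hardening a 'Git Repository' field that feeds a deployment command.

Added example, not Coolify's code. The field name, clone helper and the
constructed audit records are assumptions used to demonstrate the pattern.
"""
import re
import shlex
import subprocess
from typing import Optional

# Allowlist for what a repository reference may look like.
# HTTPS form: scheme, host, optional port, path segments of safe characters, optional .git
_HTTPS_RE = re.compile(
    r"^https://[A-Za-z0-9.-]+(?::\d{1,5})?(?:/[A-Za-z0-9._-]+)+(?:\.git)?$"
)
# SCP-like SSH form used by Git: user@host:owner/repo(.git)
_SSH_RE = re.compile(
    r"^[A-Za-z0-9_-]+@[A-Za-z0-9.-]+:[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*(?:\.git)?$"
)
# Characters that only have meaning if the value is going to be parsed by a shell.
_SHELL_META = set(";|&$`<>(){}[]!*?#~'\"\\\n\r ")


class InvalidRepository(ValueError):
    """Raised when a repository reference fails the allowlist."""


def validate_repository(value: str) -> str:
    """Return the value unchanged if it matches the allowlist, otherwise raise.

    Validation is by allowlist (what a URL may contain), not by stripping
    metacharacters: rejecting the input is safer than trying to repair it.
    """
    if not isinstance(value, str) or not value or len(value) > 512:
        raise InvalidRepository("repository reference missing or too long")
    if any(ch in _SHELL_META for ch in value):
        raise InvalidRepository("repository reference contains shell metacharacters")
    if value.startswith("-"):
        # A leading dash could be read by git as an option rather than a URL.
        raise InvalidRepository("repository reference may not start with '-'")
    if not (_HTTPS_RE.match(value) or _SSH_RE.match(value)):
        raise InvalidRepository("repository reference is not an https:// or user@host: URL")
    return value


def build_clone_argv(repo: str, dest: str, branch: Optional[str] = None) -> list:
    """Build the git command as an argv list, never as one shell string.

    With an argv list and shell=False every element reaches git as exactly one
    argument, so the repository value cannot end the command or start another.
    The '--' ends option parsing so the URL is never interpreted as a flag.
    """
    repo = validate_repository(repo)
    argv = ["git", "clone", "--depth", "1"]
    if branch is not None:
        if branch.startswith("-") or not re.fullmatch(r"[A-Za-z0-9._/-]{1,200}", branch):
            raise InvalidRepository("invalid branch name")
        argv += ["--branch", branch]
    argv += ["--", repo, dest]
    return argv


def clone(repo: str, dest: str, branch: Optional[str] = None) -> subprocess.CompletedProcess:
    """Run the clone without a shell; shlex.join renders argv safely for the log line."""
    argv = build_clone_argv(repo, dest, branch)
    print("executing:", shlex.join(argv))
    return subprocess.run(argv, shell=False, check=False, capture_output=True, text=True)


def audit_repository_fields(records: list) -> list:
    """Detection side: flag stored project records whose repository field would
    fail the allowlist, e.g. when reviewing an instance before upgrading.
    Returns the offending records with the rejection reason attached."""
    flagged = []
    for rec in records:
        try:
            validate_repository(rec.get("git_repository", ""))
        except InvalidRepository as exc:
            flagged.append({**rec, "reason": str(exc)})
    return flagged


# Constructed sample records (not real Coolify data) for the audit routine.
SAMPLE_RECORDS = [
    {"project": "shop-frontend", "git_repository": "https://github.com/example-org/shop.git"},
    {"project": "billing-api", "git_repository": "git@github.com:example-org/billing.git"},
    {"project": "suspicious", "git_repository": "https://github.com/example-org/y.git; echo hello"},
    {"project": "bad-scheme", "git_repository": "ftp://example.com/repo"},
]

if __name__ == "__main__":
    print(build_clone_argv("https://github.com/example-org/shop.git", "/tmp/shop", "main"))
    for rec in audit_repository_fields(SAMPLE_RECORDS):
        print("flagged:", rec["project"], "-", rec["reason"])
```

The audit routine is deliberately the same function as the input validator: a value that the deployment path would refuse today is also the value worth looking for in records created before the fix was applied.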

Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-09T15:23:16.327Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 695bfa903839e441756fd458

Added to database: 1/5/2026, 5:53:20 PM

Last enriched: 1/5/2026, 6:07:25 PM

Last updated: 1/8/2026, 2:28:37 PM
