CVE-2025-66213 is an OS command injection vulnerability identified in Coolify, an open-source, self-hostable platform used for managing servers, applications, and databases. The vulnerability exists in versions prior to 4.0.0-beta.451 within the File Storage Directory Mount Path functionality. Specifically, the file_storage_directory_source parameter is passed directly to shell commands without proper sanitization or neutralization of special characters, which allows an attacker with authenticated access and application/service management permissions to inject arbitrary OS commands. These commands execute with root privileges on the managed servers, leading to full remote code execution (RCE). The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) reflects a network attack vector with low complexity, no user interaction, and privileges required but with high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, but the severity and ease of exploitation make this a critical threat. The patch was released in version 4.0.0-beta.451, which properly sanitizes the input to prevent command injection. Organizations relying on Coolify should prioritize upgrading and review access controls to mitigate risk.

The impact of CVE-2025-66213 on European organizations is significant due to the potential for complete system compromise. Successful exploitation allows attackers to execute arbitrary commands as root, leading to full control over managed servers, including data theft, service disruption, and lateral movement within networks. This can result in loss of confidentiality, integrity, and availability of critical infrastructure and applications. European enterprises using Coolify for managing production environments, especially in sectors like finance, healthcare, and critical infrastructure, face heightened risks. The vulnerability could facilitate ransomware deployment, espionage, or sabotage. Additionally, regulatory compliance risks arise under GDPR and NIS Directive due to potential data breaches and service outages. The absence of known exploits in the wild provides a window for proactive mitigation, but the critical severity demands immediate attention to prevent exploitation.

To mitigate CVE-2025-66213, European organizations should: 1) Immediately upgrade Coolify installations to version 4.0.0-beta.451 or later, which contains the fix for the command injection vulnerability. 2) Restrict access to Coolify management interfaces to trusted administrators only, using network segmentation, VPNs, or zero-trust access controls. 3) Audit and minimize permissions granted to users, ensuring only necessary application/service management rights are assigned. 4) Implement monitoring and alerting for unusual command execution or privilege escalation activities on managed servers. 5) Conduct regular security assessments and penetration tests focusing on server management tools. 6) Apply host-based intrusion detection systems (HIDS) to detect anomalous root-level command executions. 7) Maintain up-to-date backups and incident response plans to quickly recover from potential compromises. 8) Educate administrators about the risks of command injection vulnerabilities and safe configuration practices. These steps go beyond generic advice by focusing on access control, monitoring, and rapid patch deployment tailored to the Coolify environment.