CVE-2025-24025 LOW

CVE-2025-24025: Coolify Vulnerable to Reflected XSS on Tag Search

Vendor Coollabsio
Product coolify
Weakness CWE-116
Published January 24, 2025
Last update January 24, 2025

CVSS base score

1.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

What the vulnerability does

01 Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site scripting. Version 4.0.0-beta.380 fixes the issue.

Key dates

02 Disclosure timeline

January 24, 2025 CVE published
January 24, 2025 Record updated