Eyodav/CVE-2025-34157
GitHub
Releases0
A stored XSS in the project delete flow allows execution of attacker-controlled JavaScript in an administrator’s browser when the admin attempts to delete a project created by a low-privileged user. This can lead to takeover of the Coolify instance (cookies, API tokens, WebSocket/terminal actions)
Subscribe above to receive notifications when new versions are released.
| Version | Date | Stability Stability is determined by the version string and my be inaccurate. |
|---|
PreviousNext