7 vulnerabilities affecting Dokploy
CVE-2026-24841 (GCVE-0-2026-24841)
Vulnerability from cvelistv5 – Published: 2026-01-28 00:18 – Updated: 2026-01-28 14:59
Title
Dokploy Vulnerable to Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint
Summary
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.
Severity
9.9 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24841",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T14:58:12.909662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T14:59:11.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.26.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy\u0027s WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T00:18:23.724Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-vx6x-6559-x35r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-vx6x-6559-x35r"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/74e0bd5fe3ef7199f44fcd19c6f5a2f09b806d6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/74e0bd5fe3ef7199f44fcd19c6f5a2f09b806d6f"
},
{
"name": "https://github.com/Dokploy/dokploy/blob/canary/apps/dokploy/server/wss/docker-container-terminal.ts",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/blob/canary/apps/dokploy/server/wss/docker-container-terminal.ts"
}
],
"source": {
"advisory": "GHSA-vx6x-6559-x35r",
"discovery": "UNKNOWN"
},
"title": "Dokploy Vulnerable to Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24841",
"datePublished": "2026-01-28T00:18:23.724Z",
"dateReserved": "2026-01-27T14:51:03.059Z",
"dateUpdated": "2026-01-28T14:59:11.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24840 (GCVE-0-2026-24840)
Vulnerability from cvelistv5 – Published: 2026-01-28 00:15 – Updated: 2026-01-28 15:01
Title
Dokploy uses hardcoded credentials in installation script, which could result in database access
Summary
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue.
Severity
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24840",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:00:24.223741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T15:01:06.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.26.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T00:15:57.299Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-jr65-3j3w-gjmc"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/b902c160a256ad345ac687c87eb092f1fab2c64d"
}
],
"source": {
"advisory": "GHSA-jr65-3j3w-gjmc",
"discovery": "UNKNOWN"
},
"title": "Dokploy uses hardcoded credentials in installation script, which could result in database access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24840",
"datePublished": "2026-01-28T00:15:57.299Z",
"dateReserved": "2026-01-27T14:51:03.059Z",
"dateUpdated": "2026-01-28T15:01:06.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24839 (GCVE-0-2026-24839)
Vulnerability from cvelistv5 – Published: 2026-01-28 00:01 – Updated: 2026-01-28 15:02
Title
Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers
Summary
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to clickjacking attacks because it does not send anti-framing response headers (X-Frame-Options or a CSP frame-ancestors directive). This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.
Severity
4.7 (Medium)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24839",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:01:38.667953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T15:02:29.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.26.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T00:01:49.253Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-c94j-8wgf-2q9q"
},
{
"name": "https://github.com/Dokploy/dokploy/pull/3500",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/pull/3500"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/9714695d5a78fe24496f989ab81807ba04699df8"
}
],
"source": {
"advisory": "GHSA-c94j-8wgf-2q9q",
"discovery": "UNKNOWN"
},
"title": "Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24839",
"datePublished": "2026-01-28T00:01:49.253Z",
"dateReserved": "2026-01-27T14:51:03.059Z",
"dateUpdated": "2026-01-28T15:02:29.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53825 (GCVE-0-2025-53825)
Vulnerability from cvelistv5 – Published: 2025-07-14 22:44 – Updated: 2025-07-15 19:49
Title
Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Summary
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.
Severity
9.4 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53825",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T13:26:18.899783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:49:44.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-h67g-mpq5-6ph5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.24.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T22:44:22.246Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-h67g-mpq5-6ph5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-h67g-mpq5-6ph5"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/1977235d313824b9764f1a06785fb7f73ab7eba2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/1977235d313824b9764f1a06785fb7f73ab7eba2"
}
],
"source": {
"advisory": "GHSA-h67g-mpq5-6ph5",
"discovery": "UNKNOWN"
},
"title": "Dokploy\u0027s Preview Deployments are vulnerable to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53825",
"datePublished": "2025-07-14T22:44:22.246Z",
"dateReserved": "2025-07-09T14:14:52.530Z",
"dateUpdated": "2025-07-15T19:49:44.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53375 (GCVE-0-2025-53375)
Vulnerability from cvelistv5 – Published: 2025-07-07 16:02 – Updated: 2025-07-08 13:50
Title
Dokploy allows attackers to read any file that the Traefik process user can access
Summary
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable files containing credentials and secrets). This may lead to full compromise of other services or lateral movement. This vulnerability is fixed in 0.23.7.
Severity
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T13:50:40.314069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T13:50:48.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.23.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable files containing credentials and secrets). This may lead to full compromise of other services or lateral movement. This vulnerability is fixed in 0.23.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:02:03.797Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-vq94-qm94-mxp6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-vq94-qm94-mxp6"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/e42f6bc61050cd438726921fced64477cbf8f8e6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/e42f6bc61050cd438726921fced64477cbf8f8e6"
}
],
"source": {
"advisory": "GHSA-vq94-qm94-mxp6",
"discovery": "UNKNOWN"
},
"title": "Dokploy allows attackers to read any file that the Traefik process user can access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53375",
"datePublished": "2025-07-07T16:02:03.797Z",
"dateReserved": "2025-06-27T12:57:16.122Z",
"dateUpdated": "2025-07-08T13:50:48.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53376 (GCVE-0-2025-53376)
Vulnerability from cvelistv5 – Published: 2025-07-07 15:55 – Updated: 2025-07-07 16:14
Title
Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
Summary
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7.
Severity
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T16:14:17.024354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:14:22.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.23.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure\ndocker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T15:55:34.637Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-m486-7pmj-8cmv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-m486-7pmj-8cmv"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/fb5d2bd5b67322f1468e5e4d0d5abcf97517761c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/fb5d2bd5b67322f1468e5e4d0d5abcf97517761c"
}
],
"source": {
"advisory": "GHSA-m486-7pmj-8cmv",
"discovery": "UNKNOWN"
},
"title": "Dokploy allows attackers to run arbitrary OS commands on the Dokploy host."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53376",
"datePublished": "2025-07-07T15:55:34.637Z",
"dateReserved": "2025-06-27T12:57:16.122Z",
"dateUpdated": "2025-07-07T16:14:22.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53374 (GCVE-0-2025-53374)
Vulnerability from cvelistv5 – Published: 2025-07-07 15:52 – Updated: 2025-07-07 16:00
Title
Dokploy Improperly Discloses User Information via user.one Endpoint
Summary
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged account can retrieve detailed profile information about other users in the same organization by directly invoking user.one. The response discloses personally identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in v0.23.7.
Severity
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T16:00:00.560106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:00:15.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dokploy",
"vendor": "Dokploy",
"versions": [
{
"status": "affected",
"version": "\u003c 0.23.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T15:52:18.675Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-fcq8-wv2q-f758",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dokploy/dokploy/security/advisories/GHSA-fcq8-wv2q-f758"
},
{
"name": "https://github.com/Dokploy/dokploy/commit/61cf426615a4aa095b150362526aa52f2d1ea115",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dokploy/dokploy/commit/61cf426615a4aa095b150362526aa52f2d1ea115"
}
],
"source": {
"advisory": "GHSA-fcq8-wv2q-f758",
"discovery": "UNKNOWN"
},
"title": "Dokploy Improperly Discloses User Information via user.one Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53374",
"datePublished": "2025-07-07T15:52:18.675Z",
"dateReserved": "2025-06-27T12:57:16.122Z",
"dateUpdated": "2025-07-07T16:00:15.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}