← Back

CVE-2025-53825

nvd nist
Published: Jul 14, 2025Modified: Sep 11, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.

Affected (1)

Products: Dokploy: Dokploy
Dokploy
1 product
Dokploy
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Dokploy
Before 0.24.3

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (3)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Vendor Advisory

Timeline

No history available yet.