THREATINT
PUBLISHED

CVE-2025-53825

Dokploy's Preview Deployments are vulnerable to Remote Code Execution



Description

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.

Reserved 2025-07-09 | Published 2025-07-14 | Updated 2025-07-14 | Assigner GitHub_M


CRITICAL: 9.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-862: Missing Authorization

Product status

< 0.24.3 | affected

References

github.com/...okploy/security/advisories/GHSA-h67g-mpq5-6ph5

github.com/...ommit/1977235d313824b9764f1a06785fb7f73ab7eba2

cve.org (CVE-2025-53825)

nvd.nist.gov (CVE-2025-53825)
