Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows:

- CVE-2025-66209 (CVSS score: 10.0): A command injection vulnerability in the database backup functionality allows any authenticated
This disclosure reinforces the need for proactive vulnerability management and robust security practices for AI infrastructure, particularly in sectors that rely on self-hosted solutions for sensitive data processing or national security purposes. Defense applications that self-host AI models are at very high risk of compromise.
Operational impact: Organizations deploying AI/ML models on self-hosted platforms like Coolify must prioritize security hardening and vulnerability patching to mitigate the risk of compromise. This includes implementing robust access controls, regularly auditing security configurations, and establishing incident response plans to address potential breaches. Failure to address these security concerns can lead to significant operational disruptions, financial losses, and reputational damage.