CVE-2025-53825
Published: 14 July 2025
Summary
CVE-2025-53825 is a critical-severity Missing Authorization (CWE-862) vulnerability in Dokploy (vendor: Dokploy). Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
Dokploy, a self-hostable Platform as a Service, contains an unauthenticated preview deployment vulnerability tracked as CVE-2025-53825 and CWE-862. The flaw affects all versions prior to 0.24.3 and stems from missing authorization checks on preview deployment functionality tied to public repositories. It carries a CVSS 3.1 score of 9.4, reflecting network-exploitable impacts on confidentiality, integrity, and availability.
An attacker needs only to open a pull request against a public repository that is configured for Dokploy preview deployments. Doing so triggers arbitrary code execution on the Dokploy instance and exposes sensitive environment variables without any authentication, enabling secret exfiltration and remote code execution against any exposed public deployment.
The official fix is included in Dokploy version 0.24.3, as detailed in the GitHub Security Advisory GHSA-h67g-mpq5-6ph5 and the associated commit 1977235d313824b9764f1a06785fb7f73ab7eba2. The current and peak EPSS scores remain at 0.0219 with no material increase observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21402
Vulnerability details
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated RCE on a public-facing PaaS (Exploit Public-Facing Application, T1190) via missing authorization, enabling arbitrary code execution (Command and Scripting Interpreter, T1059) and extraction of secrets from environment variables (Unsecured Credentials, T1552).
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): Directly prohibits unauthorized actions like preview deployments without identification or authentication, preventing unauthenticated RCE and secret exposure.
- AC-3 (Access Enforcement): Enforces approved access authorizations on preview deployment functions, blocking unauthenticated users from executing arbitrary code.
- Requires timely remediation of authorization flaws like this CVE through patching, preventing exploitation of preview deployment vulnerabilities.