Cyber Resilience

CVE-2025-53825

Severity: Critical

Published: 14 July 2025
Modified: 11 September 2025
KEV Added: not listed
CVSS Score (v3.1): 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0219 (84.7th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-53825 is a critical-severity Missing Authorization (CWE-862) vulnerability in Dokploy (vendor: Dokploy). Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.3% of all CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

Dokploy, a self-hostable Platform as a Service, contains an unauthenticated preview deployment vulnerability tracked as CVE-2025-53825 and classified as CWE-862 (Missing Authorization). The flaw affects all versions prior to 0.24.3 and stems from missing authorization checks on the preview deployment functionality tied to public repositories. It carries a CVSS 3.1 score of 9.4: the vector records a network-reachable, unauthenticated attack with high impact on confidentiality and integrity and low impact on availability.

An attacker needs only to open a pull request against a public repository configured for Dokploy preview deployments. That action alone triggers arbitrary code execution on the Dokploy instance and grants access to sensitive environment variables without any authentication, enabling secret exfiltration and remote code execution against any exposed public deployment.

The official fix is included in Dokploy version 0.24.3, as detailed in GitHub Security Advisory GHSA-h67g-mpq5-6ph5 and the associated commit 1977235d313824b9764f1a06785fb7f73ab7eba2. The current and peak EPSS scores both stand at 0.0219, with no material increase observed.

Vulnerability details

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.

CWE(s)

CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
- T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Missing authorization yields direct unauthenticated RCE on a public-facing PaaS (T1190), which in turn enables arbitrary code execution through the deployment pipeline (T1059) and extraction of secrets from environment variables (T1552).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-24841: same product (Dokploy Dokploy)
- CVE-2026-24840: same product (Dokploy Dokploy)
- CVE-2025-11754: shared CWE-862
- CVE-2025-11158: shared CWE-862
- CVE-2024-11816: shared CWE-862
- CVE-2026-34184: shared CWE-862
- CVE-2026-45209: shared CWE-862
- CVE-2026-25026: shared CWE-862
- CVE-2026-42083: shared CWE-862
- CVE-2026-0656: shared CWE-862

Affected Assets

Vendor: dokploy
Product: dokploy
Versions: ≤ 0.24.3

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

- AC-14 Permitted Actions Without Identification or Authentication (prevent): Directly prohibits unauthorized actions like preview deployments without identification or authentication, preventing unauthenticated RCE and secret exposure.
- AC-3 Access Enforcement (prevent): Enforces approved access authorizations on preview deployment functions, blocking unauthenticated users from executing arbitrary code.
- Flaw remediation (prevent): Requires timely remediation of authorization flaws like this CVE through patching, preventing exploitation of preview deployment vulnerabilities.
