Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
History

Mon, 07 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Jul 2025 16:00:00 +0000

Type Values Removed Values Added
Description Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
Title Dokploy Improperly Discloses User Information via user.one Endpoint
Weaknesses CWE-359
CWE-862
References
Metrics cvssV4_0

{'score': 1.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-07-07T15:52:18.675Z

Updated: 2025-07-07T16:00:15.266Z

Reserved: 2025-06-27T12:57:16.122Z

Link: CVE-2025-53374

cve-icon Vulnrichment

Updated: 2025-07-07T16:00:06.546Z

cve-icon NVD

Status : Received

Published: 2025-07-07T16:15:25.113

Modified: 2025-07-07T16:15:25.113

Link: CVE-2025-53374

cve-icon Redhat

No data.