AI-driven pentesting is often discussed in theory. To evaluate how it performs in practice, Aikido conducted a security assessment of Coolify, a widely used open-source self-hosted platform.
Coolify has close to 50,000 GitHub stars and more than 500 contributors. It is actively maintained and has undergone extensive community review. Like many mature open-source projects, Coolify has had vulnerabilities publicly disclosed in the past.
This assessment was conducted against a mature codebase with a known vulnerability history, without seeding the AI system with prior reports or previously disclosed issues. The goal was to evaluate how Aikido Attack, an AI pentesting system, performs against a real-world production environment.
The AI-driven assessment resulted in the identification of seven security vulnerabilities, all of which were assigned CVEs. Several of these issues allowed privilege escalation to administrator level or remote code execution as root on the host system, resulting in full compromise of the affected instance.
All findings were responsibly disclosed to the Coolify team and have since been fixed.
Here are the CVEs:
- Rate Limit Bypass on Login: CVE-2025-64422
- Low-privileged user can invite themselves as an admin user: CVE-2025-64421
- Command Injection via Docker Compose: CVE-2025-64419
- Low-privileged users can see and use admin invitation links: CVE-2025-64423
- Command injection via git source configuration: CVE-2025-64424
- Host header injection in forgot password: CVE-2025-64425
- Members can see private key of root user: CVE-2025-64420
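One of the listed classes, host header injection in a forgot-password flow, is easy to reason about in code. The example below is added here for illustration; it is not Coolify's code and not taken from the Aikido report. It shows the vulnerable pattern (building the reset link from the client-supplied Host header) next to the hardened pattern (validating Host against an allowlist and building the link from a server-side configured base URL), plus a small detection routine over constructed access-log lines. The configuration values, host names, log format and function names are all assumptions made for this example.

```python
"""
Added example, not Coolify's code: password-reset link generation with and
without trusting the request's Host header, plus log-based detection of
requests that carry an unexpected Host. Every name and value is constructed.
"""
from urllib.parse import urlencode

# Constructed configuration (assumption): the single origin the application is
# allowed to use when it writes absolute links into outbound e-mail.
APP_URL = "https://coolify.example.internal"
ALLOWED_HOSTS = {"coolify.example.internal"}


def _host_from_headers(headers: dict) -> str:
    """Normalise the Host header: strip any port and lower-case it."""
    return headers.get("Host", "").split(":")[0].strip().lower()


def is_allowed_host(headers: dict) -> bool:
    """Allowlist check. Reject rather than rewrite: an unexpected Host should
    fail the request, not be silently mapped onto the real origin."""
    return _host_from_headers(headers) in ALLOWED_HOSTS


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link origin comes from the client-controlled
    Host header. A forgot-password request sent with a forged Host makes the
    server e-mail the victim a reset link pointing at a domain the server does
    not own, so the reset token leaves the trusted origin when it is clicked."""
    host = headers.get("Host", "")
    return f"https://{host}/reset-password?{urlencode({'token': token})}"


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: validate Host against the allowlist and build the
    link from the configured APP_URL, never from request data."""
    if not is_allowed_host(headers):
        raise ValueError(f"unexpected Host header: {_host_from_headers(headers)!r}")
    return f"{APP_URL}/reset-password?{urlencode({'token': token})}"


# Constructed access-log sample (assumed format, not real Coolify logs):
#   <client_ip> <method> <path> host=<host_header>
SAMPLE_LOG = """\
10.0.0.5 POST /forgot-password host=coolify.example.internal
10.0.0.9 POST /forgot-password host=attacker.example
10.0.0.5 GET /login host=coolify.example.internal
10.0.0.9 POST /forgot-password host=COOLIFY.example.internal:8443
"""


def suspicious_reset_requests(log_text: str) -> list:
    """Return client IPs that hit the forgot-password endpoint with a Host that
    is not on the allowlist. Ports and case are normalised the same way as in
    is_allowed_host so legitimate traffic on a non-default port is not flagged."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].startswith("host="):
            continue  # malformed or unrelated line; skip rather than guess
        ip, _method, path, host_kv = parts
        if path != "/forgot-password":
            continue
        host = host_kv[len("host="):].split(":")[0].lower()
        if host not in ALLOWED_HOSTS:
            hits.append(ip)
    return hits


if __name__ == "__main__":
    forged = {"Host": "attacker.example"}
    print("vulnerable:", build_reset_link_vulnerable(forged, "t0k3n"))
    print("hardened accepts allowlisted host:",
          build_reset_link_hardened({"Host": "coolify.example.internal"}, "t0k3n"))
    print("hardened rejects forged host:", not is_allowed_host(forged))
    print("suspicious reset requests from:", suspicious_reset_requests(SAMPLE_LOG))
```

The two fixes are independent: the allowlist stops the request, and building the URL from APP_URL means that even a misconfigured allowlist cannot change where the token is sent. The log routine is the kind of check a defender can run against reverse-proxy logs to spot this class of attempt against any password-reset endpoint.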
Testing Approach
The assessment targeted Coolify version 4.0.0 beta 434, deployed using the default Hetzner installation method.
Testing was performed using Aikido’s AI pentesting solution. The assessment combined:
- Automated black-box testing of exposed endpoints and application flows
- AI-based white-box analysis of security-sensitive code paths
- Continuous reasoning across authentication, authorization, and command execution logic
The AI agents focused on areas commonly associated with high-impact vulnerabilities in infrastructure platforms, including login flows, invitation mechanisms, permission boundaries, and user-controlled input passed to system commands.
In several cases, AI agents independently surfaced exploitable issues. In other cases, vulnerabilities were identified through manual analysis and used to evaluate coverage gaps in the current generation of agents.
As part of responsible security research, all findings were verified prior to disclosure to confirm exploitability and assess impact.
Overview of Findings
The vulnerabilities fall into the following categories:
- Authentication weaknesses enabling brute-force attacks
- Multiple privilege escalation paths from low-privileged users
- Command injection vulnerabilities leading to remote code execution
- Exposure of highly sensitive credentials
Detailed Findings
Conclusion
This assessment demonstrates how AI-driven pentesting can be used to identify high-impact vulnerabilities in complex, production-grade open-source systems.
The AI-driven assessment of Coolify resulted in seven CVEs, including multiple privilege escalation paths and several routes to full host compromise. While some findings were surfaced directly by AI agents, others required human intervention to validate exploitability, provide additional context, or identify gaps in current coverage.
This feedback loop is a deliberate part of how Aikido develops its AI pentesting system. Human intervention at this stage improves overall quality by reducing false positives and informing the next generation of agents to expand coverage and depth over time.
Together, these results highlight both the current effectiveness of AI-driven pentesting and the path toward continuously improving autonomous security testing at scale.