CVE-2025-55182 (nicknamed React2Shell): Is it possible to avoid running Coolify or containers as root

[ebrearley]

People running React with server components are vulnerable to full container takeovers through CVE-2025-55182 (rated 10.0 / 10). We had our environment keys leaked through this (we didn't update in time and the Fastly WAF mitigation didn't work, nor did Vercels or Cloudflares).

There are botnets exploiting this vulnerability and installing crypto miners in systems running as root (one example of this has been posted on Reddit https://www.reddit.com/r/nextjs/comments/1pgiaj3/i_got_hacked_and_traced_how_much_money_hacker/)

Would it be possible to remove the need to run everything as root?

[peaklabs-dev]

It will certainly be possible in the future but upgrading is the only real solution.

Even with root if you are not using Docker socket mounts or an SSH key mount from your server, it will only infect your container, which is ephemeral and can simply be deleted and rebuilt.