CVE-2025-64420

Critical CVSS: 9.9

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and authenticate as root user, using the private key. As of time of publication, it is unclear if a patch is available.

Vendor

Coollabs

Product

Coolify

CWE

CWE-522

Yayın Tarihi

2026-01-05 20:16:02

Güncelleme

2026-01-12 14:31:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-522 Coolify CRITICAL Coollabs 2026

Referanslar

https://github.com/coollabsio/coolify/security/advisories/GHSA-qwxj-qch7-whpc

Benzer Kayıtlar

Medium

CVE-2025-64422

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting…

High

CVE-2025-64423

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64424

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

High

CVE-2025-64425

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…

High

CVE-2025-64421

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…