CVE-2025-64423

High CVSS: 7.7

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.

Vendor

Coollabs

Product

Coolify

CWE

CWE-287

Yayın Tarihi

2026-01-05 21:16:12

Güncelleme

2026-01-09 16:10:47

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-287 Coolify HIGH Coollabs 2026

Referanslar

https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j

Benzer Kayıtlar

Medium

CVE-2025-64422

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting…

Critical

CVE-2025-64424

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

High

CVE-2025-64425

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

Critical

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0…

Critical

CVE-2025-64420

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…

High

CVE-2025-64421

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions…