← Volver a CVEs
CVE-2025-64423
HIGH8.8
Descripcion
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/5/2026
Ultima modificacion1/9/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
coollabs:coolify
Debilidades (CWE)
CWE-287
Referencias
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(security-advisories@github.com)
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.