← Back to CVEs
CVE-2025-64423
HIGH8.8
Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published1/5/2026
Last Modified1/9/2026
Sourcenvd
Honeypot Sightings0
Affected Products
coollabs:coolify
Weaknesses (CWE)
CWE-287
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(security-advisories@github.com)
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.