← Retour aux CVEs
CVE-2025-64423
HIGH8.8
Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/5/2026
Derniere modification1/9/2026
Sourcenvd
Observations honeypot0
Produits affectes
coollabs:coolify
Faiblesses (CWE)
CWE-287
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(security-advisories@github.com)
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.