CVE-2025-22611
Severity: CRITICAL (CVSS 9.9)
Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, a missing authorization check allows any authenticated user to escalate their own or any other team member's privileges to any role, including the owner role. They are also able to remove every other member from the team, including admins and owners. This allows the attacker to access the `Terminal` feature and execute remote commands. Version 4.0.0-beta.361 fixes the issue.
CVE details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/24/2025
Last modified: 9/19/2025
Source: nvd
Honeypot sightings: 0
Affected products
coollabs:coolify
Weaknesses (CWE)
CWE-862
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-9w72-9qww-qj6g (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.