CVE-2025-64420
CRITICAL 9.9
Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and authenticate as root user, using the private key. As of time of publication, it is unclear if a patch is available.
CVE Details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/5/2026
Last modified: 1/12/2026
Source: nvd
Honeypot sightings: 0
Affected products
coollabs:coolify
Weaknesses (CWE)
CWE-522
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-qwxj-qch7-whpc (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.