← Voltar para CVEs
CVE-2025-64423
HIGH8.8
Descricao
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado1/5/2026
Ultima modificacao1/9/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
coollabs:coolify
Fraquezas (CWE)
CWE-287
Referencias
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(security-advisories@github.com)
https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.