Platform
docker
Component
coolify
Fixed in
4.0.1
CVE-2025-64423 describes a Privilege Escalation vulnerability affecting Coolify, an open-source server, application, and database management tool. Attackers can exploit this flaw to gain administrator access by intercepting and utilizing invitation links intended for administrators. This vulnerability impacts Coolify versions up to and including 4.0.0-beta.434, with a fix available in version 4.0.0.
The primary impact of CVE-2025-64423 is the potential for unauthorized privilege escalation. A member user, possessing limited access within a Coolify instance, can effectively become an administrator by exploiting the invitation link mechanism. This grants them complete control over the Coolify environment, including the ability to manage servers, applications, and databases. The attacker could modify configurations, access sensitive data, deploy malicious applications, or compromise the underlying infrastructure. This vulnerability represents a significant security risk for organizations relying on Coolify for self-hosting.
As of the publication date, no public proof-of-concept (PoC) code has been released for CVE-2025-64423. The vulnerability is not currently listed on the CISA KEV catalog. The potential for exploitation exists, particularly within environments where invitation links are frequently used and not adequately protected. The ease of exploitation, requiring only interception of a link, suggests a medium probability of exploitation if the vulnerability becomes widely known.
Organizations utilizing Coolify for self-hosting their applications and databases are at risk. Specifically, deployments where member users have access to administrative functions or where invitation links are not carefully managed are particularly vulnerable. Shared hosting environments using Coolify also face increased risk due to the potential for cross-tenant exploitation.
• docker: Inspect running containers for Coolify versions prior to 4.0.0. Use docker ps and docker exec -it <container_id> /bin/bash to check the version.
• generic web: Monitor Coolify logs for unusual login attempts or activity related to invitation link usage. Look for a member account that acquires administrator privileges shortly after an invitation link is used.
• generic web: Check for unusual processes running within the Coolify container that might indicate a compromised account.
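An added check for the docker bullet above (example code written for this page, not Coolify's own tooling): it parses constructed docker ps --format '{{.ID}}\t{{.Image}}' output, applies SemVer prerelease ordering so that 4.0.0-beta.434 sorts below the 4.0.0 fix named in the advisory, and flags containers whose tag cannot be parsed (e.g. latest) for the manual in-container check. The image name ghcr.io/coollabsio/coolify and the container IDs are assumptions.

```python
import re
from typing import List, Optional, Tuple

# Fix version as stated in the advisory text; anything that sorts below it is affected.
FIXED_VERSION = "4.0.0"

# Constructed sample of `docker ps --format '{{.ID}}\t{{.Image}}'` output (not real hosts).
SAMPLE_DOCKER_PS = """\
a1b2c3d4e5f6\tghcr.io/coollabsio/coolify:4.0.0-beta.434
0f9e8d7c6b5a\tghcr.io/coollabsio/coolify:4.0.0-beta.420
123456789abc\tghcr.io/coollabsio/coolify:4.0.1
deadbeef0001\tpostgres:16-alpine
cafebabe0002\tghcr.io/coollabsio/coolify:latest
"""

def parse_version(tag: str) -> Optional[tuple]:
    """Parse 'MAJOR.MINOR.PATCH[-prerelease]' into a sortable key.
    A release (no prerelease part) sorts after every prerelease of the same core,
    so 4.0.0-beta.434 < 4.0.0 < 4.0.1, as SemVer requires. Returns None if unparseable."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", tag)
    if not m:
        return None
    core = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4) is None:
        return (core, (1,))  # release: higher than any prerelease with the same core
    pre = []
    for ident in m.group(4).split("."):
        # numeric identifiers compare numerically and sort before alphanumeric ones
        pre.append((0, int(ident), "") if ident.isdigit() else (1, 0, ident))
    return (core, (0, tuple(pre)))

def is_affected(tag: str) -> Optional[bool]:
    """True if the tag is in the affected range, False if fixed, None if unknown."""
    key = parse_version(tag)
    return None if key is None else key < parse_version(FIXED_VERSION)

def find_vulnerable_containers(docker_ps_output: str) -> List[Tuple[str, str, Optional[bool]]]:
    """Return (container_id, tag, affected) for every Coolify container in the listing."""
    results = []
    for line in docker_ps_output.splitlines():
        if not line.strip():
            continue
        cid, image = line.split("\t", 1)
        # the tag separator is the last ':' in the final path component; none means 'latest'
        repo, tag = image.rsplit(":", 1) if ":" in image.rsplit("/", 1)[-1] else (image, "latest")
        if "coolify" in repo.lower():
            results.append((cid, tag, is_affected(tag)))
    return results

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "fixed", None: "unknown tag, check version inside container"}
    for cid, tag, affected in find_vulnerable_containers(SAMPLE_DOCKER_PS):
        print(f"{cid}  coolify:{tag:<16} {labels[affected]}")
```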
disclosure
Exploit status
EPSS
0.06% (19th percentile)
CISA SSVC
The primary mitigation for CVE-2025-64423 is to upgrade Coolify to version 4.0.0 or later, which contains the fix. If upgrading immediately is not feasible, consider temporarily disabling the invitation link feature or implementing stricter access controls around invitation link generation and distribution. Monitor Coolify logs for suspicious activity related to invitation link usage. While a direct workaround is not available, careful monitoring and access control practices can reduce the risk until a full upgrade can be performed. After upgrading, confirm the fix by attempting to intercept and use an invitation link as a low-privileged user; the login attempt should fail.
Update Coolify to a version later than v4.0.0-beta.434 as soon as a corrected version is available. Watch Coolify's security announcements for updates on patch availability. Until then, restrict access to the Coolify instance to trusted users.
CVE-2025-64423 is a vulnerability in Coolify versions ≤4.0.0-beta.434 allowing low-privileged users to escalate to administrator privileges by intercepting invitation links.
You are affected if you are running Coolify versions prior to 4.0.0. Check your Coolify version and upgrade immediately if vulnerable.
Upgrade Coolify to version 4.0.0 or later to remediate the vulnerability. Consider temporary access control measures if immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the vulnerability's ease of exploitation suggests a potential risk.
Refer to the Coolify project's official communication channels and security advisories for the latest information on CVE-2025-64423.