Platform: docker
Component: coolify
Fixed in: 4.0.1
CVE-2025-64423 describes a privilege escalation vulnerability in Coolify, an open-source server, application, and database management tool. An attacker can gain administrator access by intercepting and using an invitation link intended for an administrator. The vulnerability affects Coolify versions up to and including 4.0.0-beta.434; a fix is available in version 4.0.0.
The primary impact of CVE-2025-64423 is the potential for unauthorized privilege escalation. A member user, possessing limited access within a Coolify instance, can effectively become an administrator by exploiting the invitation link mechanism. This grants them complete control over the Coolify environment, including the ability to manage servers, applications, and databases. The attacker could modify configurations, access sensitive data, deploy malicious applications, or compromise the underlying infrastructure. This vulnerability represents a significant security risk for organizations relying on Coolify for self-hosting.
As of the publication date, no public proof-of-concept (PoC) code has been released for CVE-2025-64423. The vulnerability is not currently listed on the CISA KEV catalog. The potential for exploitation exists, particularly within environments where invitation links are frequently used and not adequately protected. The ease of exploitation, requiring only interception of a link, suggests a medium probability of exploitation if the vulnerability becomes widely known.
Organizations utilizing Coolify for self-hosting their applications and databases are at risk. Specifically, deployments where member users have access to administrative functions or where invitation links are not carefully managed are particularly vulnerable. Shared hosting environments using Coolify also face increased risk due to the potential for cross-tenant exploitation.
• docker: Inspect running containers for Coolify versions prior to 4.0.0. List them with docker ps (the image tag usually carries the version) and, where the tag is not informative, use docker exec -it <container_id> /bin/bash to check the version inside the container.
• generic web: Monitor Coolify logs for unusual login attempts or activity related to invitation link usage. Look for patterns indicating a user logging in with elevated privileges after a short period of time.
• generic web: Check for unusual processes running within the Coolify container that might indicate a compromised account.
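As an added example (not from this advisory or from the Coolify project), the following Python script applies the docker check above offline: it parses constructed `docker ps --format '{{.Names}}\t{{.Image}}'` output, extracts each Coolify image tag, and compares it with the last affected version, 4.0.0-beta.434, treating pre-release tags as sorting below the matching final release (the semver rule). The image name ghcr.io/coollabsio/coolify, the container names, and the sample lines are assumptions made for the constructed input; an untagged or "latest" image is reported as unknown, because the tag alone then says nothing about the version and the in-container check is still needed.

```python
"""Flag running Coolify containers whose image tag is inside the affected range
for CVE-2025-64423 (<= 4.0.0-beta.434). Added example; the sample docker ps
output below is constructed, not captured from a real host."""
import re
from typing import List, Optional, Tuple

# Affected range stated by the advisory: everything up to and including this tag.
LAST_AFFECTED = "4.0.0-beta.434"

_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:-(?P<pre>[A-Za-z]+)\.?(?P<prenum>\d+)?)?$"
)


def parse_version(tag: str) -> Optional[Tuple[int, int, int, int, int]]:
    """Turn '4.0.0-beta.434' or 'v4.0.1' into a sortable tuple.

    A pre-release sorts below the matching final release, so the fourth
    element is 0 for pre-release and 1 for final; the fifth is the
    pre-release number. Returns None for non-version tags ('latest').
    Pre-release labels (alpha/beta/rc) are not ranked against each other,
    which is enough for Coolify's beta-only tags.
    """
    m = _VERSION_RE.match(tag.strip())
    if not m:
        return None
    major, minor, patch = (int(m.group(k)) for k in ("major", "minor", "patch"))
    if m.group("pre") is None:
        return (major, minor, patch, 1, 0)
    return (major, minor, patch, 0, int(m.group("prenum") or 0))


def is_affected(tag: str) -> Optional[bool]:
    """True if tag <= 4.0.0-beta.434, False if newer, None if unparseable."""
    parsed = parse_version(tag)
    if parsed is None:
        return None
    return parsed <= parse_version(LAST_AFFECTED)


def image_tag(image: str) -> str:
    """Extract the tag from an image reference such as
    'ghcr.io/coollabsio/coolify:4.0.0-beta.434' (assumed image name).
    A digest suffix is dropped, a missing tag means 'latest', and a registry
    port (host:5000/img) is not mistaken for a tag."""
    name = image.split("@", 1)[0]
    last = name.rsplit("/", 1)[-1]
    return last.rsplit(":", 1)[1] if ":" in last else "latest"


def find_affected(docker_ps_output: str, image_name: str = "coolify") -> List[Tuple[str, str, Optional[bool]]]:
    """Each input line is '<container name>\\t<image>' as printed by
    docker ps --format '{{.Names}}\\t{{.Image}}'. Returns (container, tag,
    verdict) for every container whose image repository ends in image_name."""
    results = []
    for line in docker_ps_output.splitlines():
        if not line.strip():
            continue
        name, image = line.split("\t", 1)
        repo_last = image.split("@", 1)[0].rsplit("/", 1)[-1].split(":", 1)[0]
        if repo_last != image_name:
            continue
        tag = image_tag(image)
        results.append((name, tag, is_affected(tag)))
    return results


# Constructed sample of docker ps output (names and tags are assumptions).
SAMPLE_DOCKER_PS = "\n".join([
    "coolify\tghcr.io/coollabsio/coolify:4.0.0-beta.434",
    "coolify-staging\tghcr.io/coollabsio/coolify:4.0.0-beta.420",
    "coolify-new\tghcr.io/coollabsio/coolify:4.0.1",
    "coolify-untagged\tghcr.io/coollabsio/coolify",
    "postgres\tpostgres:16",
])

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "fixed", None: "unknown tag, check version inside the container"}
    for name, tag, verdict in find_affected(SAMPLE_DOCKER_PS):
        print(f"{name:18} {tag:16} {labels[verdict]}")
```

To run it against a live host, pipe the real listing in: `docker ps --format '{{.Names}}\t{{.Image}}' | python3 check_coolify.py` after replacing the sample with `sys.stdin.read()`. The comparison deliberately puts 4.0.0 final above 4.0.0-beta.434, matching the advisory's affected range; confirm the final version inside the container if your deployment uses a mutable tag.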
disclosure
Exploit Status
EPSS: 0.06% (19th percentile)
CISA SSVC
The primary mitigation for CVE-2025-64423 is to upgrade Coolify to version 4.0.0 or later, which contains the fix. If an immediate upgrade is not feasible, consider temporarily disabling the invitation link feature or applying stricter access controls around invitation link generation and distribution, and monitor Coolify logs for suspicious activity related to invitation link usage. No direct workaround is available, but careful monitoring and access control reduce the risk until the upgrade is performed. After upgrading, confirm the fix by attempting to intercept and use an invitation link as a low-privileged user; the login attempt should fail.
Update Coolify to a version later than v4.0.0-beta.434 as soon as a corrected version is available. Keep an eye on Coolify's security advisories for updates on patch availability. Until then, restrict access to the Coolify instance to trusted users.
CVE-2025-64423 is a vulnerability in Coolify versions ≤4.0.0-beta.434 allowing low-privileged users to escalate to administrator privileges by intercepting invitation links.
You are affected if you are running Coolify versions prior to 4.0.0. Check your Coolify version and upgrade immediately if vulnerable.
Upgrade Coolify to version 4.0.0 or later to remediate the vulnerability. Consider temporary access control measures if immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the vulnerability's ease of exploitation suggests a potential risk.
Refer to the Coolify project's official communication channels and security advisories for the latest information on CVE-2025-64423.