CVE-2025-64423 describes a Privilege Escalation vulnerability affecting Coolify, an open-source server, application, and database management tool. Attackers can exploit this flaw to gain administrator access by intercepting and utilizing invitation links intended for administrators. This vulnerability impacts Coolify versions up to and including 4.0.0-beta.434, with a fix available in version 4.0.0.
The primary impact of CVE-2025-64423 is the potential for unauthorized privilege escalation. A member user, possessing limited access within a Coolify instance, can effectively become an administrator by exploiting the invitation link mechanism. This grants them complete control over the Coolify environment, including the ability to manage servers, applications, and databases. The attacker could modify configurations, access sensitive data, deploy malicious applications, or compromise the underlying infrastructure. This vulnerability represents a significant security risk for organizations relying on Coolify for self-hosting.
As of the publication date, no public proof-of-concept (PoC) code has been released for CVE-2025-64423. The vulnerability is not currently listed on the CISA KEV catalog. The potential for exploitation exists, particularly within environments where invitation links are frequently used and not adequately protected. The ease of exploitation, requiring only interception of a link, suggests a medium probability of exploitation if the vulnerability becomes widely known.
Organizations utilizing Coolify for self-hosting their applications and databases are at risk. Specifically, deployments where member users have access to administrative functions or where invitation links are not carefully managed are particularly vulnerable. Shared hosting environments using Coolify also face increased risk due to the potential for cross-tenant exploitation.
• docker: Inspect running containers for Coolify versions prior to 4.0.0. Use docker ps and docker exec -it <container_id> /bin/bash to check the version.
• generic web: Monitor Coolify logs for unusual login attempts or activity related to invitation link usage. Look for patterns such as a member user obtaining administrator privileges shortly after an invitation link was generated or accepted.
• generic web: Check for unusual processes running within the Coolify container that might indicate a compromised account.
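The docker check above stops at "look at the version"; the part a practitioner actually has to get right is the version comparison, because the affected range ends at a pre-release tag (4.0.0-beta.434) while the fix is the plain 4.0.0 release. The script below is an added example, not code from this page or from the Coolify project. It implements that comparison in POSIX sh and, when docker is present, applies it to the image tags of running containers. The image name pattern (anything containing "coolify") and the assumption that the image tag carries the version are assumptions; if a container runs an untagged or "latest" image, the script reports it as unknown and you still need to check the version inside the container as the page describes.

```shell
#!/bin/sh
# Added example (not from the advisory page or the Coolify project).
# Classifies a Coolify version string against the range the advisory gives as
# affected (<= 4.0.0-beta.434, fixed in 4.0.0) and scans running containers.

# Print the three numeric components of the base version: "v4.0.0-beta.1" -> "4 0 0".
base_parts() {
    printf '%s\n' "$1" | sed 's/^v//; s/-.*$//' | tr '.' ' '
}

# Exit status: 0 = in the affected range, 1 = outside it, 2 = unparseable/unknown.
coolify_version_vulnerable() {
    ver=$1
    set -- $(base_parts "$ver")
    [ $# -eq 3 ] || return 2
    major=$1; minor=$2; patch=$3
    case "$major$minor$patch" in *[!0-9]*) return 2 ;; esac

    # Every release below 4.0.0 is inside the affected range.
    if [ "$major" -lt 4 ]; then return 0; fi
    # Anything above 4.0.0 is past the fix.
    if [ "$major" -gt 4 ] || [ "$minor" -gt 0 ] || [ "$patch" -gt 0 ]; then return 1; fi

    # Base is exactly 4.0.0: the plain release is fixed, betas are affected up to .434.
    case "$ver" in
        *-beta.*)
            build=${ver##*-beta.}
            case "$build" in ''|*[!0-9]*) return 2 ;; esac
            if [ "$build" -le 434 ]; then return 0; else return 1; fi
            ;;
        *-*) return 2 ;;   # some other pre-release label: refuse to guess
        *)   return 1 ;;   # 4.0.0 proper
    esac
}

# Scan running containers whose image name contains "coolify" (assumption) and
# classify them by image tag. Skips cleanly when docker is not installed.
scan_running_coolify() {
    command -v docker >/dev/null 2>&1 || { echo "docker not found; skipping container scan"; return 0; }
    docker ps --format '{{.Names}} {{.Image}}' | while read -r name image; do
        case "$image" in *coolify*) ;; *) continue ;; esac
        tag=${image##*:}
        [ "$tag" = "$image" ] && tag=latest   # no explicit tag on the image
        rc=0
        coolify_version_vulnerable "$tag" || rc=$?
        case "$rc" in
            0) echo "AFFECTED   $name ($image): upgrade to 4.0.0 or later" ;;
            1) echo "ok         $name ($image)" ;;
            *) echo "unknown    $name ($image): check the version inside the container" ;;
        esac
    done
}

# When run directly, scan the host this script is executed on.
scan_running_coolify
```

Usage: run the script on the docker host, or source it and call `coolify_version_vulnerable "<version>"` directly; the exit status 0/1/2 maps to affected/not affected/unknown, so it can be dropped into a cron job or a configuration-management check that fails on status 0.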
Exploitation status
EPSS: 0.06% (19th percentile)
CISA SSVC
The primary mitigation for CVE-2025-64423 is to upgrade Coolify to version 4.0.0 or later, which contains the fix. If upgrading immediately is not feasible, consider temporarily disabling the invitation link feature or implementing stricter access controls around invitation link generation and distribution. Monitor Coolify logs for suspicious activity related to invitation link usage. While a direct workaround is not available, careful monitoring and access control practices can reduce the risk until a full upgrade can be performed. After upgrading, confirm the fix by attempting to intercept and use an invitation link as a low-privileged user; the login attempt should fail.
Once a fixed version has been released, update Coolify to a version newer than v4.0.0-beta.434. Watch Coolify's security advisories for updates on patch availability. Until then, restrict access to the Coolify instance to trusted users only.
CVE-2025-64423 is a vulnerability in Coolify versions ≤4.0.0-beta.434 allowing low-privileged users to escalate to administrator privileges by intercepting invitation links.
You are affected if you are running Coolify versions prior to 4.0.0. Check your Coolify version and upgrade immediately if vulnerable.
Upgrade Coolify to version 4.0.0 or later to remediate the vulnerability. Consider temporary access control measures if immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the vulnerability's ease of exploitation suggests a potential risk.
Refer to the Coolify project's official communication channels and security advisories for the latest information on CVE-2025-64423.