Auth bypass in Coollabsio Coolify

CVE-2025-64421

Coolify is an open-source, self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low-privileged user (member) can invite a high-privileged user. At first, the ap…

Vulnerability class: Broken Access Control

EPSS: 0.000 (11.3th percentile)

Affected products

Weakness classification (CWE)

References