Vulnerability in Coollabsio Coolify
CVE-2025-64425
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header…
EPSS: 0.000 (11.8th percentile)
Affected products
- Coollabsio Coolify — versions <= 4.0.0-beta.434
Weakness classification (CWE)
References
- https://github.com/coollabsio/coolify/security/advisories/GHSA-f737-2p93-g2cw (x_refsource_CONFIRM)
- https://drive.google.com/file/d/1I5sJHcpetJbKlwVS2usAD7qmgH37Y4rw/view?usp=drive_link (x_refsource_MISC)