CVE-2025-64420

Severity: CRITICAL (CVSS 3.1 base score 9.9)
Published: 2026-01-05 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 21:54 (vuln.today)
PoC Detected: Jan 12, 2026 14:31 (vuln.today) - public exploit code
CVE Published: Jan 05, 2026 20:16 (nvd)

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low-privileged users are able to see the private key of the root user on the Coolify instance. This allows them to SSH to the server and authenticate as the root user, using the private key. As of the time of publication, it is unclear if a patch is available.

Analysis

Coolify through v4.0.0-beta.434 exposes the root user's SSH private key to low-privileged team members. Any user with basic access can extract the key, SSH to the server as root, and fully compromise the Coolify instance and all managed infrastructure. PoC available.

Technical Context

Insufficient access controls, classified as CWE-522 (Insufficiently Protected Credentials), allow any authenticated team member to read the private key that Coolify uses for root SSH access to managed servers. Because Coolify manages deployment infrastructure, this single key often grants root access to every production server it controls.

Affected Products

Coolify through v4.0.0-beta.434

Remediation

Update Coolify immediately. Rotate the root SSH key. Audit SSH access logs on all managed servers. Implement per-user SSH keys with least-privilege access.

Priority Score

70 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +0.1
CVSS: +50
POC: +20


CVE-2025-64420 vulnerability details – vuln.today
