How to fix CVE-2025-64423?

Within 7 days: Identify all affected systems running Coolify and apply vendor patches promptly. Audit authentication configurations and rotate any potentially compromised credentials.

Is Coolify affected by CVE-2025-64423?

Organizations using Coolify face significant risk from CVE-2025-64423, a improper authentication vulnerability rated CVSS 8.8. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

CVE-2025-64423

HIGH

2026-01-05 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 09, 2026 - 16:10 vuln.today

Public exploit code

CVE Published

Jan 05, 2026 - 21:16 nvd

HIGH 8.8

Description

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.

Analysis

Technical Context

Classified as CWE-287 (Improper Authentication). Affects Coolify. Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available.

Affected Products

Vendor: Coollabs. Product: Coolify.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: +20

CVE-2025-64423 vulnerability details – vuln.today

Back

CVE-2025-64423

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-64423

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code