- Description
- Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
CVSS 10 Alert: Coolify Hit by Three Critical Security Flaws – CVE-2025-22612, CVE-2025-22611, and CVE-2025-22609 https://t.co/meSverj76y
@the_yellow_fall
29 Jan 2025
116 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-22612: CRITICAL] Update now to Coolify version 4.0.0-beta.374! Prior versions had a security flaw allowing unauthorized access to private keys. Keep your data safe. #cybersecurity#cybersecurity,#vulnerability https://t.co/SO65K1GiKQ https://t.co/v1gNHK0Xw5
@CveFindCom
24 Jan 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes