Authorization Flaw in Coolify Affects Server Management Tool
CVE-2025-22608

6.5 MEDIUM

Key Information:

Vendor: Coollabsio
Status: Vendor
CVE Published: 24 January 2025

Summary

Coolify, an open-source tool for managing servers, applications, and databases, contains an authorization flaw in versions prior to 4.0.0-beta.361. The operation that revokes a team invitation is not scoped to the caller's team, and invitation IDs are sequential integers, so any authenticated user can revoke invitations belonging to any team in the instance simply by supplying a guessed ID (an insecure direct object reference). Because the IDs are predictable and incrementing, an attacker can walk the whole ID space and cancel every pending invitation, a denial of service against team onboarding across the instance. Upgrade to 4.0.0-beta.361 or later to fix this.
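The bug class above (a delete-by-ID handler that never checks who owns the row, over a sequential primary key) is easy to reproduce in miniature. The following is an added illustration written for this page, not Coolify's own code; it assumes an in-memory invitation store, an invented team layout and invented e-mail addresses, and it shows the unscoped handler next to a scoped one under the same ID sweep.

```php
<?php
// Added illustration of the flaw class described in the summary: a
// delete-by-ID handler with no ownership check over a sequential key.
// Hypothetical code, not Coolify's; store, names and IDs are constructed.

declare(strict_types=1);

/** In-memory stand-in for an invitations table with an auto-increment key. */
final class InvitationStore
{
    /** @var array<int, array{team_id: int, email: string}> */
    private array $rows = [];
    private int $nextId = 1; // sequential, hence guessable

    public function create(int $teamId, string $email): int
    {
        $id = $this->nextId++;
        $this->rows[$id] = ['team_id' => $teamId, 'email' => $email];
        return $id;
    }

    public function find(int $id): ?array
    {
        return $this->rows[$id] ?? null;
    }

    public function delete(int $id): void
    {
        unset($this->rows[$id]);
    }

    public function count(): int
    {
        return count($this->rows);
    }
}

/**
 * Vulnerable pattern: the ID comes straight from the request and the
 * caller's team is never consulted, so any existing row can be deleted.
 */
function revokeUnscoped(InvitationStore $store, int $callerTeamId, int $invitationId): bool
{
    if ($store->find($invitationId) === null) {
        return false;
    }
    $store->delete($invitationId); // $callerTeamId is ignored: that is the bug
    return true;
}

/**
 * Hardened pattern: the row must belong to the caller's current team.
 * "Not found" and "not yours" give the same result, so the endpoint
 * cannot be used to learn which IDs exist.
 */
function revokeScoped(InvitationStore $store, int $callerTeamId, int $invitationId): bool
{
    $row = $store->find($invitationId);
    if ($row === null || $row['team_id'] !== $callerTeamId) {
        return false;
    }
    $store->delete($invitationId);
    return true;
}

/** Constructed fixture: team 1 is the attacker's team, teams 2 and 3 are victims. */
function seed(): InvitationStore
{
    $store = new InvitationStore();
    $store->create(1, 'colleague@attacker.example');
    $store->create(2, 'alice@victim-a.example');
    $store->create(2, 'bob@victim-a.example');
    $store->create(3, 'carol@victim-b.example');
    return $store;
}

/** Attacker from team 1 walks the ID space: the "predictable and incrementing ID". */
function sweep(callable $revoke, InvitationStore $store, int $attackerTeam = 1, int $maxId = 10): int
{
    $revoked = 0;
    for ($id = 1; $id <= $maxId; $id++) {
        if ($revoke($store, $attackerTeam, $id)) {
            $revoked++;
        }
    }
    return $revoked;
}

$store = seed();
$n = sweep('revokeUnscoped', $store);
printf("unscoped handler: attacker revoked %d invitation(s), %d remain\n", $n, $store->count());

$store = seed();
$n = sweep('revokeScoped', $store);
printf("scoped handler:   attacker revoked %d invitation(s), %d remain\n", $n, $store->count());
```

Run it with the PHP CLI: the unscoped handler lets the team-1 caller wipe every invitation in the store, while the scoped handler only removes the one row that belongs to team 1. In a Laravel application the same scoping comes for free when the record is resolved through the authenticated user's current-team relationship rather than a global lookup by primary key, with a policy check as a second gate; switching to non-sequential identifiers reduces guessability but is no substitute for the ownership check.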

Affected Version(s)

coolify < 4.0.0-beta.361

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Note that the metrics listed here do not reproduce the 6.5 score (under the CVSS 3.1 formula they yield 5.3) and conflict with the summary, which describes an authenticated attacker (Privileges Required: Low) and a denial of service (Availability impact). Treat this vector as unverified and rely on the vendor's advisory for the authoritative one.

Timeline

  • Vulnerability reserved

  • Vulnerability published (24 January 2025)

CVE-2025-22608 : Authorization Flaw in Coolify Affects Server Management Tool | SecurityVulnerability.io