Improper Access Control in Coolify Affects Self-Hosted Server Management Tool
CVE-2025-64420

CVSS 10.0 CRITICAL

Key Information:

Vendor: Coollabsio
Status: Vendor
CVE Published: 5 January 2026

Badges

News Worthy

What is CVE-2025-64420?

Coolify is an open-source, self-hosted platform for managing servers, applications, and databases. In versions up to and including v4.0.0-beta.434, an access-control flaw allows a low-privileged authenticated user to read the private SSH key that Coolify stores for the server's root account. With that key the user can authenticate to the server over SSH as root, which gives full control of the host and of everything Coolify manages on it; this matches the CVSS metrics below (Privileges Required: Low, Scope: Changed). This page records no patched version, so operators should treat every instance on an affected version as exposed, limit who holds even low-privileged Coolify accounts, and rotate any root SSH key stored in Coolify if untrusted users have had access.
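The page gives only a version range, so the first thing an operator needs is a reliable way to tell whether a given instance falls inside it. The script below is an added example for this page, not code from Coolify or Coollabsio: it encodes the stated range `coolify <= 4.0.0-beta.434` and compares Coolify's `x.y.z-beta.N` tags correctly (beta.434 < beta.435 < 4.0.0 < 4.0.1-beta.1), which a plain string comparison gets wrong. It assumes you obtain the version string from your own instance and pass it on the command line; because the page names no fixed version, anything newer is reported as outside the stated range rather than as fixed.

```python
"""Version-range check for CVE-2025-64420 (Coolify).

Added example for this page, not code from Coolify or Coollabsio. It only
encodes the affected range the page states, "coolify <= 4.0.0-beta.434";
the page names no fixed version, so anything newer is reported as outside
the stated range, not as fixed. Assumption: the version string is supplied
by the caller (how you read it from your instance is up to you).
"""
import re
import sys
from typing import Tuple

# Highest affected version according to the page.
LAST_AFFECTED = "4.0.0-beta.434"

# Coolify tags look like "4.0.0-beta.434" or "v4.0.0-beta.434"; a final
# release would be a bare "4.0.0".
_VERSION_RE = re.compile(
    r"^v?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:-(?P<pre>alpha|beta|rc)\.(?P<pre_num>\d+))?$",
    re.IGNORECASE,
)

# Pre-release tags sort before a final release of the same x.y.z.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn a Coolify version string into a tuple that sorts correctly.

    Returns (major, minor, patch, pre_rank, pre_num); for example
    "v4.0.0-beta.434" -> (4, 0, 0, 1, 434) and "4.0.0" -> (4, 0, 0, 3, 0),
    so beta.434 < beta.435 < 4.0.0 < 4.0.1-beta.1 under plain tuple order.
    """
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Coolify version string: {version!r}")
    major, minor, patch = (int(m.group(k)) for k in ("major", "minor", "patch"))
    if m.group("pre") is None:
        return (major, minor, patch, _FINAL_RANK, 0)
    return (major, minor, patch,
            _PRE_RANK[m.group("pre").lower()], int(m.group("pre_num")))


def is_affected(version: str) -> bool:
    """True if `version` is inside the page's range coolify <= 4.0.0-beta.434."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def assess(version: str) -> str:
    """Human-readable verdict used by the command-line entry point below."""
    if is_affected(version):
        return (f"{version}: AFFECTED by CVE-2025-64420 "
                f"(<= {LAST_AFFECTED}); treat stored root SSH keys as exposed")
    return (f"{version}: newer than the affected range on this page "
            f"(> {LAST_AFFECTED}); confirm against the vendor advisory")


if __name__ == "__main__":
    # Usage: python coolify_cve_2025_64420_check.py 4.0.0-beta.434
    for arg in sys.argv[1:] or [LAST_AFFECTED]:
        try:
            print(assess(arg))
        except ValueError as exc:
            print(f"error: {exc}", file=sys.stderr)
            sys.exit(2)
```

The pre-release rank is what makes the comparison safe: a bare `4.0.0` is treated as later than every `4.0.0-beta.N`, so a hypothetical final release would not be misreported as affected, while an unparseable string such as `latest` is rejected instead of being silently classed one way or the other.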


Affected Version(s)

coolify <= 4.0.0-beta.434

News Articles

Coolify Self-Hosting Platform Vulnerabilities Allow Attackers to Execute Arbitrary System Commands

The vulnerabilities pose severe risks to organizations deploying Coolify instances, particularly those exposed to the internet.

1 month ago


CVSS v3.1

Score: 10.0
Severity: CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Vector string built from the metrics listed above: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Note that these metrics evaluate to 9.9 under the v3.1 base-score formula; a 10.0 requires Privileges Required: None, so the score and the metric breakdown shown on this page are not consistent with each other and should be confirmed against the vendor advisory.

Timeline

  • First article discovered by Cyber Press
  • Vulnerability published
  • Vulnerability reserved