CVE-2025-22608
published 2025-01-24CVE-2025-22608: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization…
PriorityP433medium6.5CVSS 3.1
AVNACLPRNUINSUCNILAL
EPSS
0.35%
26.7th percentile
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS). Version 4.0.0-beta.361 fixes the issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coollabs | coolify | < 4.0.0 | 4.0.0 |
| coollabs | coolify | — | — |
| coollabsio | coolify | < 4.0.0-beta.361 | 4.0.0-beta.361 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-24
Published