Home > Vulnerability Database > CVE-2025-22609

Mend.io Vulnerability Database

CVE-2025-22609

Date: January 24, 2025

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can use the "Terminal" feature and execute arbitrary commands on the victim's server. Version 4.0.0-beta.361 fixes the issue.

Severity Score

10.0

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-22609

Url: https://github.com/coollabsio/coolify/security/advisories/GHSA-3w2c-jfr2-9pg9

Url: https://www.mend.io/vulnerability-database/CVE-2025-22609

Severity Score

10.0

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-22609

Date: January 24, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?