PT-2025-4596 · Coolify · Coolify

Angelej · Published 2025-01-24 · Updated 2025-01-31 · CVE-2025-22610

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361

Description: The issue is a missing authorization check that allows any authenticated user to access and modify the global Coolify instance OAuth configuration. This exposes sensitive information, including the client id and client secret of every custom OAuth provider.

Recommendations: For versions prior to 4.0.0-beta.361, update to version 4.0.0-beta.361 or later to resolve the issue. As a temporary workaround, restrict access to the global OAuth configuration to minimize the risk of exploitation.


Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2025-22610
GHSA-496V-9Q38-2X6C

Affected Products

Coolify