CVE-2025-64423

Name of the Vulnerable Software and Affected Versions Coolify versions up to and including 4.0.0-beta.434

Description Coolify is a self-hostable tool for managing servers, applications, and databases. A low privileged user (member) can view and utilize invitation links intended for administrators. If a member uses the link before the intended administrator, they can log in with administrative privileges, resulting in privilege escalation.

Recommendations Versions prior to 4.0.0-beta.435 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.