CVE-2025-22611
CVSS 3.1 Score 9.9 of 10 (high)
Details
Published Jan 24, 2025
CWE ID 862
Summary
CVE-2025-22611 is a vulnerability affecting the Coolify open-source server management tool. Before version 4.0.0-beta.361, the application failed to implement proper authorization checks, enabling any authenticated user to escalate their privileges to the owner role. The missing checks also permitted the attacker to eject other team members, including admins and owners, leaving the attacker with full access to the `Terminal` feature and the ability to execute remote commands. Version 4.0.0-beta.361 resolves this issue.