CVE-2025-22611

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Jan 24, 2025
CWE ID 862

Summary

CVE-2025-22611 is a vulnerability affecting Coolify, an open-source server management tool. Before version 4.0.0-beta.361, the application failed to implement proper authorization checks, enabling any authenticated user to escalate their privileges to the owner role. The same flaw also permitted the attacker to eject other team members, including admins and owners, leaving the attacker with full access to the `Terminal` feature and the ability to execute remote commands. Version 4.0.0-beta.361 resolves this issue.
