What is the severity of CVE-2025-22611?

CVE-2025-22611 is classified as a high-severity vulnerability due to its potential impact on privilege escalation.

How do I fix CVE-2025-22611?

To fix CVE-2025-22611, upgrade to Coolify version 4.0.0-beta.361 or later, where the missing authorization vulnerability has been addressed.

Who is affected by CVE-2025-22611?

Users of Coolify versions prior to 4.0.0-beta.361 are affected by CVE-2025-22611, specifically any authenticated users.

What kind of impact can CVE-2025-22611 have on my system?

CVE-2025-22611 can allow authenticated users to escalate their privileges, potentially allowing them to gain full control over the system.

Is there a workaround for CVE-2025-22611?

There are no official workarounds for CVE-2025-22611; upgrading to the latest version is the recommended action.

Vulnerability/
CVE-2025-22611

critical

CWE

862

EPSS

0.043%

24/1/2025

CVE-2025-22611: Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)

First published: Fri Jan 24 2025(Updated: )

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members privileges to any role, including the owner role. He's also able to kick every other member out of the team, including admins and owners. This allows the attacker to access the `Terminal` feature and execute remote commands. Version 4.0.0-beta.361 fixes the issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Coolify Coolify	<4.0.0-beta.361

Never miss a vulnerability like this again

Reference Links

https://github.com/coollabsio/coolify/security/advisories/GHSA-9w72-9qww-qj6g

Frequently Asked Questions

What is the severity of CVE-2025-22611?
CVE-2025-22611 is classified as a high-severity vulnerability due to its potential impact on privilege escalation.
How do I fix CVE-2025-22611?
To fix CVE-2025-22611, upgrade to Coolify version 4.0.0-beta.361 or later, where the missing authorization vulnerability has been addressed.
Who is affected by CVE-2025-22611?
Users of Coolify versions prior to 4.0.0-beta.361 are affected by CVE-2025-22611, specifically any authenticated users.
What kind of impact can CVE-2025-22611 have on my system?
CVE-2025-22611 can allow authenticated users to escalate their privileges, potentially allowing them to gain full control over the system.
Is there a workaround for CVE-2025-22611?
There are no official workarounds for CVE-2025-22611; upgrading to the latest version is the recommended action.

agent/title
agent/weakness
agent/references
agent/type
agent/description
agent/first-publish-date
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/event
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/epss-latest
source/FIRST
agent/epss
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/coolify
canonical/coolify coolify

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.