Summary: A trio of critical security vulnerabilities in Coolify, an open-source platform, could allow remote code execution (RCE) and total control of affected systems. Assigned a CVSS score of 10, these vulnerabilities result from inadequate authorization checks, with severe implications for organizations using vulnerable versions. Immediate patching or temporary mitigation strategies are strongly recommended to prevent exploitation.
Affected: Coolify
Keypoints:
- Three vulnerabilities identified: CVE-2025-22612, CVE-2025-22611, CVE-2025-22609.
- All vulnerabilities rated with a CVSS score of 10, indicating critical severity.
- Organizations are advised to update to version v4.0.0-beta.374 or later to mitigate risk.
- Temporary measures include limiting access to the platform and monitoring system activity.
- Emphasis on prioritizing security best practices and patching efforts.