CVE-2025-64423 is an improper authentication vulnerability classified under CWE-287 affecting Coolify, an open-source, self-hosted platform for managing servers, applications, and databases. In versions up to and including 4.0.0-beta.434, a low-privileged user with member-level access can view and utilize administrator invitation links intended for other users. By using these invitation links before the legitimate administrator accepts them, the attacker can escalate their privileges to administrator level. This flaw arises because invitation links are not adequately protected or invalidated upon use, allowing race conditions or link interception to grant unauthorized admin access. The vulnerability requires the attacker to have at least member access but does not require any user interaction beyond using the link. The CVSS 4.0 score of 7.7 reflects high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and partial authentication required. No patch or fix has been confirmed at the time of publication, and no active exploitation has been reported. This vulnerability poses a significant risk to environments relying on Coolify for critical infrastructure management, as an attacker gaining admin access can control deployments, configurations, and sensitive data.

For European organizations, this vulnerability could lead to unauthorized administrative access to critical server and application management infrastructure. Attackers exploiting this flaw can manipulate deployments, access sensitive databases, and disrupt service availability. The breach of administrative privileges undermines trust in the platform and can lead to data breaches, service outages, and potential lateral movement within the network. Organizations using Coolify in regulated sectors such as finance, healthcare, or government face increased compliance risks and potential legal consequences due to unauthorized access and data exposure. The impact is magnified in multi-tenant or cloud-hosted environments where Coolify manages multiple clients or services. Given the network-based attack vector and ease of exploitation by low-privileged users, the threat is significant for any European entity deploying vulnerable versions of Coolify.

European organizations should immediately audit their Coolify deployments to identify affected versions (<=4.0.0-beta.434). Until a patch is available, restrict member-level user permissions to the minimum necessary and monitor invitation link usage closely. Implement network segmentation and access controls to limit exposure of Coolify management interfaces. Use multi-factor authentication (MFA) for all administrative accounts to add an additional layer of protection. Consider disabling or tightly controlling the invitation link feature if possible. Regularly review logs for suspicious activity related to invitation links and privilege escalations. Engage with the Coolify community or vendor for updates on patches or mitigations. Additionally, implement incident response plans to quickly revoke compromised credentials and restore secure configurations if exploitation is suspected.