CVE-2025-64420
Unauthorized Access via Root Private Key Disclosure in Coolify
Publication date: 2026-01-05
Last updated on: 2026-01-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coollabsio | coolify | to 4.0.0-beta.434 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Coolify versions up to v4.0.0-beta.434 allows low privileged users to access the private SSH key of the root user. With this key, they can authenticate as the root user via SSH, gaining full administrative access to the server remotely without needing any special conditions or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability can lead to a complete compromise of the affected system. Unauthorized users with low privileges can gain root access to the server, allowing them to fully control the system, access confidential data, modify or delete data, and disrupt system availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can check if low privileged users have access to the root user's private SSH key within the Coolify instance. Specifically, inspect the Coolify interface for any exposed private keys accessible to non-root users. On the server, you can search for the presence of the root private key file in locations accessible by low privileged users. For example, use commands like 'find / -name id_rsa -perm -o+r 2>/dev/null' to find readable private keys by others. Additionally, monitor SSH login attempts for unusual root authentications from low privileged users. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the root user's private SSH key so that low privileged users cannot view or retrieve it. Since no patch is available as of the advisory date, you should limit user privileges within Coolify to prevent exposure of sensitive keys. Consider rotating the root SSH keys and removing any exposed keys from the system. Additionally, monitor and restrict SSH access to the server, possibly disabling root login via SSH until a patch or fix is available. Review and harden Coolify instance permissions and configurations to minimize exposure. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows low privileged users to access the root user's private SSH key, enabling full administrative access to the server. Such unauthorized access can lead to a complete compromise of data confidentiality, integrity, and availability. This level of compromise can result in violations of common standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system security. Therefore, the vulnerability poses a significant risk to compliance with these regulations. [1]