CVE-2025-64420
Unknown Unknown - Not Provided
Unauthorized Access via Root Private Key Disclosure in Coolify

Publication date: 2026-01-05

Last updated on: 2026-01-05

Assigner: GitHub, Inc.

Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and authenticate as root user, using the private key. As of time of publication, it is unclear if a patch is available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-01-05
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64420
EUVD
EUVD-2025-206245
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coollabsio coolify to 4.0.0-beta.434 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Coolify versions up to v4.0.0-beta.434 allows low privileged users to access the private SSH key of the root user. With this key, they can authenticate as the root user via SSH, gaining full administrative access to the server remotely without needing any special conditions or user interaction. [1]

Impact Analysis

The vulnerability can lead to a complete compromise of the affected system. Unauthorized users with low privileges can gain root access to the server, allowing them to fully control the system, access confidential data, modify or delete data, and disrupt system availability. [1]

Detection Guidance

To detect this vulnerability, you can check if low privileged users have access to the root user's private SSH key within the Coolify instance. Specifically, inspect the Coolify interface for any exposed private keys accessible to non-root users. On the server, you can search for the presence of the root private key file in locations accessible by low privileged users. For example, use commands like 'find / -name id_rsa -perm -o+r 2>/dev/null' to find readable private keys by others. Additionally, monitor SSH login attempts for unusual root authentications from low privileged users. However, no specific detection commands are provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the root user's private SSH key so that low privileged users cannot view or retrieve it. Since no patch is available as of the advisory date, you should limit user privileges within Coolify to prevent exposure of sensitive keys. Consider rotating the root SSH keys and removing any exposed keys from the system. Additionally, monitor and restrict SSH access to the server, possibly disabling root login via SSH until a patch or fix is available. Review and harden Coolify instance permissions and configurations to minimize exposure. [1]

Compliance Impact

This vulnerability allows low privileged users to access the root user's private SSH key, enabling full administrative access to the server. Such unauthorized access can lead to a complete compromise of data confidentiality, integrity, and availability. This level of compromise can result in violations of common standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system security. Therefore, the vulnerability poses a significant risk to compliance with these regulations. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64420. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart