CVE-2025-22607: Medium Vulnerability in Coollabs Coolify

CVE-2025-22607 is a medium-severity vulnerability affecting Coolify, an open-source and self-hostable tool for managing servers, applications, and databases. This vulnerability allows any authenticated user to fetch the details page for any GitHub or GitLab configuration on a Coolify instance by merely knowing the UUID of the model. The exposed information includes sensitive credentials such as the client ID, client secret, and webhook secret.

With a CVSS score of 4.7, organizations should recognize the importance of addressing this vulnerability promptly. The risk to organizations includes potential unauthorized access to sensitive configurations, which may lead to further exploitation or data breaches.

As of now, there is no public exploit confirmed in the wild, but the nature of the vulnerability and the information exposed necessitates immediate remediation. Organizations running versions prior to 4.0.0-beta.361 should prioritize patching to mitigate the risks associated with this vulnerability.

Organizations should prioritize patching immediately. The fixed version is 4.0.0-beta.361, which addresses the authorization issues that led to this vulnerability.

Vulnerability Details

This vulnerability allows any authenticated user to access sensitive GitHub/GitLab configuration details on a Coolify instance. The CVSS score of 4.7 classifies it as medium severity, indicating a moderate risk to confidentiality with a high impact on confidentiality, and no impact on integrity and availability.

The affected product is Coolify, developed by Coollabs. The vulnerability was published on January 24, 2025, and the fixed version is 4.0.0-beta.361. The associated CWE classifications include CWE-200 (Information Exposure) and CWE-862 (Missing Authorization).

Technical Analysis

The root cause of this vulnerability is a lack of proper authorization checks. The attack vector is local, requiring authenticated access to the system. The attack complexity is low, allowing attackers to exploit the vulnerability without significant effort. Only low privileges are required to access the vulnerable functionality, and no user interaction is necessary.

The confidentiality impact is high, as sensitive configuration details can be exposed to unauthorized users. There is no impact on integrity or availability, making this vulnerability particularly concerning for organizations that utilize Coolify for managing sensitive applications and data.

Risk & Impact Analysis

Real-world deployment risk associated with this vulnerability is significant. The potential exposure of client IDs and secrets can lead to unauthorized access and data breaches. Organizations utilizing Coolify must be aware of the blast radius this vulnerability represents, as it may affect multiple configurations and integrations with GitHub and GitLab.

The urgency assessment based on the CVSS score indicates that organizations should address this vulnerability in their priority patch cycle. Given the current exploitability status, organizations should remain vigilant and monitor for any potential indicators of exploitation.

Exploitation Status

Affected Versions

All versions prior to vendor patch, specifically those before 4.0.0-beta.361, are affected by this vulnerability.

Mitigation & Remediation

To mitigate this vulnerability, organizations should upgrade to Coolify version 4.0.0-beta.361 or later. If immediate patching is not feasible, organizations should consider implementing workarounds such as restricting access to sensitive configuration pages and enabling robust logging for monitoring access attempts.

For further assistance, organizations may consider engaging in penetration testing to identify and remediate similar vulnerabilities.

Detection Guidance

Organizations should monitor logs for any unauthorized access attempts to sensitive configuration pages. Behavioral anomalies, such as unusual access patterns by authenticated users, should also be investigated.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the potential for similar authorization flaws in other applications. Security teams should consider adopting best practices in access control to prevent similar vulnerabilities.

Understanding the patterns of authorization failures is crucial. Organizations can benefit from reviewing their security architecture and ensuring robust authorization mechanisms are in place. For guidance on improving security posture, refer to our penetration testing methodology and best practices.

This incident serves as a reminder of the importance of thorough security assessments. Organizations should stay informed about emerging vulnerabilities and adopt proactive measures to secure their applications against similar threats.