CVE-2025-22610

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" for every custom OAuth provider. The attacker can also modify the global OAuth configuration. Version 4.0.0-beta.361 fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
coollabscoolify
𝑥
< 4.0.0
coollabscoolify
4.0.0:beta100
coollabscoolify
4.0.0:beta101
coollabscoolify
4.0.0:beta102
coollabscoolify
4.0.0:beta103
coollabscoolify
4.0.0:beta104
coollabscoolify
4.0.0:beta105
coollabscoolify
4.0.0:beta106
coollabscoolify
4.0.0:beta107
coollabscoolify
4.0.0:beta108
coollabscoolify
4.0.0:beta109
coollabscoolify
4.0.0:beta110
coollabscoolify
4.0.0:beta111
coollabscoolify
4.0.0:beta112
coollabscoolify
4.0.0:beta113
coollabscoolify
4.0.0:beta114
coollabscoolify
4.0.0:beta115
coollabscoolify
4.0.0:beta116
coollabscoolify
4.0.0:beta117
coollabscoolify
4.0.0:beta118
coollabscoolify
4.0.0:beta119
coollabscoolify
4.0.0:beta120
coollabscoolify
4.0.0:beta121
coollabscoolify
4.0.0:beta122
coollabscoolify
4.0.0:beta123
coollabscoolify
4.0.0:beta124
coollabscoolify
4.0.0:beta125
coollabscoolify
4.0.0:beta126
coollabscoolify
4.0.0:beta127
coollabscoolify
4.0.0:beta128
coollabscoolify
4.0.0:beta129
coollabscoolify
4.0.0:beta130
coollabscoolify
4.0.0:beta131
coollabscoolify
4.0.0:beta132
coollabscoolify
4.0.0:beta133
coollabscoolify
4.0.0:beta134
coollabscoolify
4.0.0:beta135
coollabscoolify
4.0.0:beta136
coollabscoolify
4.0.0:beta137
coollabscoolify
4.0.0:beta138
coollabscoolify
4.0.0:beta139
coollabscoolify
4.0.0:beta140
coollabscoolify
4.0.0:beta141
coollabscoolify
4.0.0:beta142
coollabscoolify
4.0.0:beta143
coollabscoolify
4.0.0:beta144
coollabscoolify
4.0.0:beta145
coollabscoolify
4.0.0:beta146
coollabscoolify
4.0.0:beta147
coollabscoolify
4.0.0:beta148
coollabscoolify
4.0.0:beta149
coollabscoolify
4.0.0:beta150
coollabscoolify
4.0.0:beta151
coollabscoolify
4.0.0:beta152
coollabscoolify
4.0.0:beta153
coollabscoolify
4.0.0:beta154
coollabscoolify
4.0.0:beta155
coollabscoolify
4.0.0:beta156
coollabscoolify
4.0.0:beta157
coollabscoolify
4.0.0:beta158
coollabscoolify
4.0.0:beta159
coollabscoolify
4.0.0:beta160
coollabscoolify
4.0.0:beta161
coollabscoolify
4.0.0:beta162
coollabscoolify
4.0.0:beta163
coollabscoolify
4.0.0:beta164
coollabscoolify
4.0.0:beta165
coollabscoolify
4.0.0:beta166
coollabscoolify
4.0.0:beta167
coollabscoolify
4.0.0:beta168
coollabscoolify
4.0.0:beta169
coollabscoolify
4.0.0:beta170
coollabscoolify
4.0.0:beta171
coollabscoolify
4.0.0:beta172
coollabscoolify
4.0.0:beta173
coollabscoolify
4.0.0:beta174
coollabscoolify
4.0.0:beta175
coollabscoolify
4.0.0:beta176
coollabscoolify
4.0.0:beta177
coollabscoolify
4.0.0:beta178
coollabscoolify
4.0.0:beta179
coollabscoolify
4.0.0:beta18
coollabscoolify
4.0.0:beta180
coollabscoolify
4.0.0:beta181
coollabscoolify
4.0.0:beta182
coollabscoolify
4.0.0:beta183
coollabscoolify
4.0.0:beta184
coollabscoolify
4.0.0:beta185
coollabscoolify
4.0.0:beta186
coollabscoolify
4.0.0:beta187
coollabscoolify
4.0.0:beta188
coollabscoolify
4.0.0:beta189
coollabscoolify
4.0.0:beta19
coollabscoolify
4.0.0:beta190
coollabscoolify
4.0.0:beta191
coollabscoolify
4.0.0:beta192
coollabscoolify
4.0.0:beta193
coollabscoolify
4.0.0:beta194
coollabscoolify
4.0.0:beta195
coollabscoolify
4.0.0:beta196
coollabscoolify
4.0.0:beta197
coollabscoolify
4.0.0:beta198
coollabscoolify
4.0.0:beta199
coollabscoolify
4.0.0:beta20
coollabscoolify
4.0.0:beta200
coollabscoolify
4.0.0:beta201
coollabscoolify
4.0.0:beta202
coollabscoolify
4.0.0:beta203
coollabscoolify
4.0.0:beta204
coollabscoolify
4.0.0:beta205
coollabscoolify
4.0.0:beta206
coollabscoolify
4.0.0:beta207
coollabscoolify
4.0.0:beta208
coollabscoolify
4.0.0:beta209
coollabscoolify
4.0.0:beta21
coollabscoolify
4.0.0:beta211
coollabscoolify
4.0.0:beta212
coollabscoolify
4.0.0:beta213
coollabscoolify
4.0.0:beta214
coollabscoolify
4.0.0:beta215
coollabscoolify
4.0.0:beta216
coollabscoolify
4.0.0:beta217
coollabscoolify
4.0.0:beta218
coollabscoolify
4.0.0:beta219
coollabscoolify
4.0.0:beta22
coollabscoolify
4.0.0:beta220
coollabscoolify
4.0.0:beta221
coollabscoolify
4.0.0:beta222
coollabscoolify
4.0.0:beta223
coollabscoolify
4.0.0:beta224
coollabscoolify
4.0.0:beta225
coollabscoolify
4.0.0:beta226
coollabscoolify
4.0.0:beta227
coollabscoolify
4.0.0:beta228
coollabscoolify
4.0.0:beta229
coollabscoolify
4.0.0:beta23
coollabscoolify
4.0.0:beta230
coollabscoolify
4.0.0:beta231
coollabscoolify
4.0.0:beta232
coollabscoolify
4.0.0:beta233
coollabscoolify
4.0.0:beta234
coollabscoolify
4.0.0:beta235
coollabscoolify
4.0.0:beta236
coollabscoolify
4.0.0:beta237
coollabscoolify
4.0.0:beta238
coollabscoolify
4.0.0:beta239
coollabscoolify
4.0.0:beta24
coollabscoolify
4.0.0:beta240
coollabscoolify
4.0.0:beta241
coollabscoolify
4.0.0:beta242
coollabscoolify
4.0.0:beta243
coollabscoolify
4.0.0:beta244
coollabscoolify
4.0.0:beta245
coollabscoolify
4.0.0:beta246
coollabscoolify
4.0.0:beta247
coollabscoolify
4.0.0:beta248
coollabscoolify
4.0.0:beta249
coollabscoolify
4.0.0:beta25
coollabscoolify
4.0.0:beta250
coollabscoolify
4.0.0:beta251
coollabscoolify
4.0.0:beta252
coollabscoolify
4.0.0:beta253
coollabscoolify
4.0.0:beta254
coollabscoolify
4.0.0:beta255
coollabscoolify
4.0.0:beta256
coollabscoolify
4.0.0:beta257
coollabscoolify
4.0.0:beta258
coollabscoolify
4.0.0:beta259
coollabscoolify
4.0.0:beta26
coollabscoolify
4.0.0:beta260
coollabscoolify
4.0.0:beta261
coollabscoolify
4.0.0:beta262
coollabscoolify
4.0.0:beta263
coollabscoolify
4.0.0:beta264
coollabscoolify
4.0.0:beta265
coollabscoolify
4.0.0:beta266
coollabscoolify
4.0.0:beta267
coollabscoolify
4.0.0:beta268
coollabscoolify
4.0.0:beta269
coollabscoolify
4.0.0:beta27
coollabscoolify
4.0.0:beta270
coollabscoolify
4.0.0:beta271
coollabscoolify
4.0.0:beta272
coollabscoolify
4.0.0:beta273
coollabscoolify
4.0.0:beta274
coollabscoolify
4.0.0:beta275
coollabscoolify
4.0.0:beta276
coollabscoolify
4.0.0:beta277
coollabscoolify
4.0.0:beta278
coollabscoolify
4.0.0:beta279
coollabscoolify
4.0.0:beta28
coollabscoolify
4.0.0:beta280
coollabscoolify
4.0.0:beta281
coollabscoolify
4.0.0:beta282
coollabscoolify
4.0.0:beta283
coollabscoolify
4.0.0:beta284
coollabscoolify
4.0.0:beta285
coollabscoolify
4.0.0:beta286
coollabscoolify
4.0.0:beta287
coollabscoolify
4.0.0:beta288
coollabscoolify
4.0.0:beta289
coollabscoolify
4.0.0:beta29
coollabscoolify
4.0.0:beta290
coollabscoolify
4.0.0:beta291
coollabscoolify
4.0.0:beta292
coollabscoolify
4.0.0:beta293
coollabscoolify
4.0.0:beta294
coollabscoolify
4.0.0:beta295
coollabscoolify
4.0.0:beta296
coollabscoolify
4.0.0:beta297
coollabscoolify
4.0.0:beta298
coollabscoolify
4.0.0:beta299
coollabscoolify
4.0.0:beta30
coollabscoolify
4.0.0:beta300
coollabscoolify
4.0.0:beta301
coollabscoolify
4.0.0:beta302
coollabscoolify
4.0.0:beta303
coollabscoolify
4.0.0:beta304
coollabscoolify
4.0.0:beta305
coollabscoolify
4.0.0:beta306
coollabscoolify
4.0.0:beta307
coollabscoolify
4.0.0:beta308
coollabscoolify
4.0.0:beta309
coollabscoolify
4.0.0:beta31
coollabscoolify
4.0.0:beta310
coollabscoolify
4.0.0:beta311
coollabscoolify
4.0.0:beta312
coollabscoolify
4.0.0:beta313
coollabscoolify
4.0.0:beta314
coollabscoolify
4.0.0:beta315
coollabscoolify
4.0.0:beta316
coollabscoolify
4.0.0:beta317
coollabscoolify
4.0.0:beta318
coollabscoolify
4.0.0:beta319
coollabscoolify
4.0.0:beta32
coollabscoolify
4.0.0:beta320
coollabscoolify
4.0.0:beta321
coollabscoolify
4.0.0:beta322
coollabscoolify
4.0.0:beta323
coollabscoolify
4.0.0:beta324
coollabscoolify
4.0.0:beta325
coollabscoolify
4.0.0:beta326
coollabscoolify
4.0.0:beta327
coollabscoolify
4.0.0:beta328
coollabscoolify
4.0.0:beta329
coollabscoolify
4.0.0:beta33
coollabscoolify
4.0.0:beta330
coollabscoolify
4.0.0:beta331
coollabscoolify
4.0.0:beta332
coollabscoolify
4.0.0:beta333
coollabscoolify
4.0.0:beta334
coollabscoolify
4.0.0:beta335
coollabscoolify
4.0.0:beta336
coollabscoolify
4.0.0:beta337
coollabscoolify
4.0.0:beta338
coollabscoolify
4.0.0:beta339
coollabscoolify
4.0.0:beta34
coollabscoolify
4.0.0:beta340
coollabscoolify
4.0.0:beta341
coollabscoolify
4.0.0:beta342
coollabscoolify
4.0.0:beta343
coollabscoolify
4.0.0:beta344
coollabscoolify
4.0.0:beta345
coollabscoolify
4.0.0:beta346
coollabscoolify
4.0.0:beta347
coollabscoolify
4.0.0:beta348
coollabscoolify
4.0.0:beta349
coollabscoolify
4.0.0:beta35
coollabscoolify
4.0.0:beta350
coollabscoolify
4.0.0:beta351
coollabscoolify
4.0.0:beta352
coollabscoolify
4.0.0:beta353
coollabscoolify
4.0.0:beta354
coollabscoolify
4.0.0:beta355
coollabscoolify
4.0.0:beta356
coollabscoolify
4.0.0:beta357
coollabscoolify
4.0.0:beta358
coollabscoolify
4.0.0:beta359
coollabscoolify
4.0.0:beta36
coollabscoolify
4.0.0:beta360
coollabscoolify
4.0.0:beta37
coollabscoolify
4.0.0:beta38
coollabscoolify
4.0.0:beta39
coollabscoolify
4.0.0:beta40
coollabscoolify
4.0.0:beta41
coollabscoolify
4.0.0:beta42
coollabscoolify
4.0.0:beta43
coollabscoolify
4.0.0:beta44
coollabscoolify
4.0.0:beta45
coollabscoolify
4.0.0:beta46
coollabscoolify
4.0.0:beta47
coollabscoolify
4.0.0:beta48
coollabscoolify
4.0.0:beta49
coollabscoolify
4.0.0:beta50
coollabscoolify
4.0.0:beta51
coollabscoolify
4.0.0:beta52
coollabscoolify
4.0.0:beta53
coollabscoolify
4.0.0:beta54
coollabscoolify
4.0.0:beta55
coollabscoolify
4.0.0:beta56
coollabscoolify
4.0.0:beta57
coollabscoolify
4.0.0:beta58
coollabscoolify
4.0.0:beta59
coollabscoolify
4.0.0:beta60
coollabscoolify
4.0.0:beta61
coollabscoolify
4.0.0:beta62
coollabscoolify
4.0.0:beta63
coollabscoolify
4.0.0:beta64
coollabscoolify
4.0.0:beta65
coollabscoolify
4.0.0:beta66
coollabscoolify
4.0.0:beta67
coollabscoolify
4.0.0:beta68
coollabscoolify
4.0.0:beta69
coollabscoolify
4.0.0:beta70
coollabscoolify
4.0.0:beta71
coollabscoolify
4.0.0:beta72
coollabscoolify
4.0.0:beta73
coollabscoolify
4.0.0:beta74
coollabscoolify
4.0.0:beta75
coollabscoolify
4.0.0:beta76
coollabscoolify
4.0.0:beta77
coollabscoolify
4.0.0:beta78
coollabscoolify
4.0.0:beta79
coollabscoolify
4.0.0:beta80
coollabscoolify
4.0.0:beta81
coollabscoolify
4.0.0:beta82
coollabscoolify
4.0.0:beta83
coollabscoolify
4.0.0:beta84
coollabscoolify
4.0.0:beta85
coollabscoolify
4.0.0:beta86
coollabscoolify
4.0.0:beta87
coollabscoolify
4.0.0:beta88
coollabscoolify
4.0.0:beta89
coollabscoolify
4.0.0:beta90
coollabscoolify
4.0.0:beta91
coollabscoolify
4.0.0:beta92
coollabscoolify
4.0.0:beta93
coollabscoolify
4.0.0:beta94
coollabscoolify
4.0.0:beta95
coollabscoolify
4.0.0:beta96
coollabscoolify
4.0.0:beta97
coollabscoolify
4.0.0:beta98
coollabscoolify
4.0.0:beta99
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/coollabsio/coolify/security/advisories/GHSA-496v-9q38-2x6c