CVE-2025-22612 — AI Deep Analysis Summary

🚨 **Essence**: Coolify < 4.0.0-beta.374 leaks private keys in **plaintext**. <br>📉 **Consequences**: Total compromise of infrastructure security. Attackers gain full access to sensitive credentials.…

🛡️ **Root Cause**: **Missing Authorization** check. <br>🔍 **CWE**: CWE-200 (Information Exposure). <br>❌ **Flaw**: No access control on key retrieval endpoints. Any authenticated user can bypass security layers. 🛡️

👥 **Affected**: **Coolify** (Self-hosted PaaS). <br>📦 **Version**: All versions **before 4.0.0-beta.374**. <br>🏢 **Vendor**: coollabsio. <br>⚠️ **Scope**: Users running older beta or stable builds. 👥

💻 **Hackers Can**: Retrieve **ANY** existing private key. <br>🔓 **Privileges**: Acts as an authenticated user. <br>📂 **Data**: Accesses instance secrets in **plaintext**.…

⚖️ **Threshold**: **LOW**. <br>🔑 **Auth**: Requires **Authentication**. <br>⚙️ **Config**: No special config needed. <br>🎯 **Ease**: Simple API call if logged in. Not zero-day. ⚖️

🌐 **Public Exp?**: **No PoC** listed. <br>📜 **Status**: Advisory published. <br>🔥 **Wild Exp**: Unlikely yet. <br>👀 **Watch**: Monitor GitHub advisories for proof-of-concept releases. 🌐

🔍 **Self-Check**: Scan for Coolify instances. <br>📊 **Version**: Verify version < 4.0.0-beta.374. <br>🕵️ **Test**: Try accessing key endpoints with valid creds. <br>🛠️ **Tools**: Use DAST scanners for auth bypass. 🔍

✅ **Fixed**: **Yes**. <br>🔧 **Patch**: Upgrade to **4.0.0-beta.374** or later. <br>📥 **Source**: GitHub Security Advisory (GHSA-wg8x-cgq4-vjxj). <br>🔄 **Action**: Immediate update required. ✅

🚧 **No Patch?**: Rotate all private keys immediately. <br>🔒 **Mitigation**: Restrict user access levels. <br>🛑 **Block**: Disable key retrieval endpoints if possible.…

🔥 **Urgency**: **HIGH**. <br>🚨 **Priority**: Patch ASAP. <br>⚠️ **Risk**: CVSS High (C:H, I:H, A:H). <br>📢 **Action**: Critical security update. Do not delay. 🔥