CVE-2025-22610 Coolify Vulnerable to OAuth Secrets Leak

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" f...

PT-2025-4596 · Coolify · Coolify

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361 Description: The issue is related to missing authorization, allowing any authenticated user to access and modify the global Coolify instance OAuth configuration. This exposes sensitive information,...