CVE-2025-64421

CVE-2025-64421 affects Coolify up to version 4.0.0-beta.434. A low-privileged user (member) can invite a high-privileged user by triggering a double-invite process, thereby granting themselves administrator access. After being invited, the attacker can perform a password reset to log in as admin....