CloudStack · CloudStack Backup · CVE-2025-66172
**Name of the Vulnerable Software and Affected Versions**
CloudStack Backup plugin versions 4.21.0.0 through 4.22.0.0
**Description**
The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can access specific APIs to restore a volume from another user's backups and attach that volume to their own virtual machines.
**Recommendations**
Upgrade to version 4.22.0.1.
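
The following triage check is an added example, not code from this advisory or from the CloudStack project. It classifies deployments against the affected range and the plugin-enabled condition stated above; the inventory records, their field names (`name`, `version`, `backup_plugin_enabled`) and the status labels are constructed for illustration.

```python
from typing import Optional, Tuple

# Version bounds taken from the advisory text.
FIRST_AFFECTED = (4, 21, 0, 0)
LAST_AFFECTED = (4, 22, 0, 0)
FIXED_IN = (4, 22, 0, 1)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Parse a four-part dotted version; return None for anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text: str, plugin_enabled: Optional[bool]) -> str:
    """Return a triage status for one deployment."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable version string: check by hand
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "not-affected"
    if plugin_enabled is None:
        return "review"  # affected version, plugin state unknown
    # The advisory limits exposure to environments where the plugin is enabled.
    return "exposed" if plugin_enabled else "affected-plugin-disabled"


def triage(inventory):
    """Map each deployment name to its triage status."""
    return {d["name"]: classify(d["version"], d.get("backup_plugin_enabled"))
            for d in inventory}


# Constructed sample inventory (hypothetical deployments).
SAMPLE_INVENTORY = [
    {"name": "mgmt-a", "version": "4.21.0.0", "backup_plugin_enabled": True},
    {"name": "mgmt-b", "version": "4.22.0.0", "backup_plugin_enabled": False},
    {"name": "mgmt-c", "version": "4.22.0.1", "backup_plugin_enabled": True},
    {"name": "mgmt-d", "version": "4.22.0.0"},
    {"name": "mgmt-e", "version": "4.22.0.0-SNAPSHOT", "backup_plugin_enabled": True},
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Deployments reported as `affected-plugin-disabled` still run an affected version, so the upgrade to 4.22.0.1 applies to them as well.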