PT-2025-25166 · Unknown · Cloudstack
Fabricio Duarte · Published 2025-06-10 · Updated 2025-06-25 · CVE-2025-22829
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CloudStack version 4.20.0.0
Description
The CloudStack Quota plugin has improper privilege management logic. In CloudStack environments where this plugin is enabled, anyone with authenticated user-account access can enable or disable reception of quota-related emails for any account and list their configurations.
Recommendations
For CloudStack version 4.20.0.0, upgrade to CloudStack version 4.20.1.0 to fix this issue.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Cloudstack