CVE-2025-30675

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.19.3.0 Apache CloudStack versions prior to 4.20.1.0

Description A flaw in access control affects the "listTemplates" and "listIsos" APIs. A malicious Domain Admin or Resource Admin can exploit this issue by specifying the domainid parameter along with the filter=self or filter=selfexecutable values, allowing the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. This can lead to the enumeration and extraction of metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.

Recommendations For Apache CloudStack versions prior to 4.19.3.0, upgrade to Apache CloudStack 4.19.3.0. For Apache CloudStack versions prior to 4.20.1.0, upgrade to Apache CloudStack 4.20.1.0. As a temporary workaround, consider restricting access to the "listTemplates" and "listIsos" APIs to minimize the risk of exploitation.