PT-2025-25170 · Apache · Apache Cloudstack

Scott Schmitz · Published 2025-06-10 · Updated 2025-06-11

CVE-2025-47713 · CVSS v2.0: 9.0 (High) · Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.10.0.0 through 4.20.0.0
Description: A privilege escalation issue exists where a malicious Domain Admin user in the ROOT domain can reset the password of user accounts of the Admin role type, allowing the attacker to take control of higher-privileged user accounts. This could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and loss of availability of the infrastructure managed by CloudStack.
Recommendations: For Apache CloudStack versions 4.10.0.0 through 4.20.0.0, upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which include fixes such as strict validation of the Role Type hierarchy, API privilege comparison, and new domain-level settings to restrict operations on user accounts.
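The following is an added illustration of the authorization gap described above and of the "strict validation on Role Type hierarchy" plus "API privilege comparison" that the fix introduces. It is a hypothetical model written for this entry, not CloudStack's own code; the role-type names follow CloudStack's role types, while the numeric ranks, the Account class and the two check functions are assumptions.

```python
# Added illustration for CVE-2025-47713: a modeled password-reset authorization check
# before and after a role-hierarchy fix. Hypothetical model, not CloudStack's own code.
from dataclasses import dataclass

# CloudStack role types ordered from least to most privileged (numeric ranks are assumed).
ROLE_RANK = {"User": 1, "ResourceAdmin": 2, "DomainAdmin": 3, "Admin": 4}


@dataclass(frozen=True)
class Account:
    name: str
    role_type: str
    domain: str                       # "ROOT" or a sub-domain path such as "ROOT/dev"
    api_privileges: frozenset = frozenset()   # APIs the account's role may call


def in_domain_scope(caller: Account, target: Account) -> bool:
    """Domain scope: a caller may act on accounts in its own domain or any sub-domain."""
    return target.domain == caller.domain or target.domain.startswith(caller.domain + "/")


def can_reset_password_vulnerable(caller: Account, target: Account) -> bool:
    # Pre-fix logic as modeled here: only domain scope is checked. A Domain Admin placed
    # in ROOT is therefore in scope for every account, including Admin-role accounts.
    return caller.role_type in ("Admin", "DomainAdmin") and in_domain_scope(caller, target)


def can_reset_password_fixed(caller: Account, target: Account) -> bool:
    # Fixed logic as modeled here: domain scope, then a strict role-hierarchy check,
    # then an API-privilege comparison. The Admin role type is treated as unrestricted.
    if not in_domain_scope(caller, target):
        return False
    if caller.role_type == "Admin":
        return True
    if ROLE_RANK[caller.role_type] <= ROLE_RANK[target.role_type]:
        return False      # target is equal to or higher than the caller in the hierarchy
    # API privilege comparison: the caller must hold every privilege the target holds,
    # so a reset can never hand the caller access it does not already have.
    return target.api_privileges <= caller.api_privileges
```

A Domain Admin in ROOT passes the vulnerable check against an Admin-role account but fails the fixed one, while its legitimate operations on lower-privileged accounts in its own domain tree still succeed.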

Fix

DoS

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2025-09497
CVE-2025-47713

Affected Products

Apache Cloudstack