PT-2025-48265 · Apache · Apache CloudStack
Reported by: Bugreporter@Qq.Com
Published: 2025-11-27
Updated: 2025-12-04
CVE-2025-59454
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache CloudStack versions prior to 4.20.2.0
Apache CloudStack versions prior to 4.22.0.0
Description
A flaw in the access control checks of Apache CloudStack allowed authenticated users to access information beyond their intended authorization scope. The following APIs were affected: createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory, and listVolumesUsageHistory. The root cause was insufficient permission validation in these API handlers.
Recommendations
Upgrade to Apache CloudStack version 4.20.2.0.
Upgrade to Apache CloudStack version 4.22.0.0.
Fix
Information Disclosure
Affected Products
Apache CloudStack