PT-2026-38914 · Unknown · Cloudstack

Published: 2026-05-08 · Updated: 2026-05-09 · CVE-2025-66171

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: CloudStack versions 4.21.0.0 through 4.22.0.0

Description: The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can leverage specific APIs to create new virtual machines using backups belonging to any other user in the environment.

Recommendations: Upgrade to CloudStack version 4.22.0.1.

Related Identifiers: CVE-2025-66171

Affected Products: Cloudstack