CVE-2025-66467 Apache CloudStack: MinIO policy remains intact on bucket deletion

🗓️ 08 May 2026 12:16:04Reported by apacheType

MinIO policy not cleaned on CloudStack bucket deletion enables prior owners to access a bucket with the same name.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-66467	8 May 202615:25	–	circl
CNNVD	Apache CloudStack 安全漏洞	8 May 202600:00	–	cnnvd
CVE	CVE-2025-66467	8 May 202612:16	–	cve
EUVD	EUVD-2025-209743	8 May 202615:31	–	euvd
NVD	CVE-2025-66467	8 May 202613:16	–	nvd
Positive Technologies	PT-2026-38916	8 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-66467	5 Jun 202619:31	–	redhatcve
Vulnrichment	CVE-2025-66467 Apache CloudStack: MinIO policy remains intact on bucket deletion	8 May 202612:16	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache CloudStack",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "4.20.2.0",
        "status": "affected",
        "version": "4.19.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "4.22.0.0",
        "status": "affected",
        "version": "4.21.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm

08 May 2026 12:16Current

CVSS 3.18

EPSS0.00373

CWE-459