CVE-2025-66172

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

PT-2026-38914

Name of the Vulnerable Software and Affected Versions CloudStack versions 4.21.0.0 through 4.22.0.0 Description The CloudStack Backup plugin contains improper access logic. Authenticated users in environments where this plugin is enabled can leverage specific APIs to create new virtual machines...