CVE-2025-66172

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

CVE-2025-66467

CVE-2025-66467 affects Apache CloudStack in scenarios where MinIO policy cleanup is not performed on bucket deletion. The issue allows previous bucket owners to retain access to buckets they formerly owned: if another user creates a bucket with the same name, those prior owners can gain unauthori...

CVE-2025-66170 Apache CloudStack: Any user can list backups that they should not have access to

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

Apache CloudStack 安全漏洞

Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. Apache CloudStack has security vulnerabilities; these vulnerabilities stem from multiple...