216.73.217.86

CVE-2025-59454

· Published 27/11/2025 12:15 · Modified 02/12/2025 14:38

Labels: CVE-2025-59454 2025-11-27CVE-2025-59454CWE-200[email protected]

Essential information

Published
27/11/2025 12:15
Modified
02/12/2025 14:38
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope. Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / cloudstack cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
apache / cloudstack cpe:2.3:a:apache:cloudstack:4.21.0.0:*:*:*:*:*:*:*

References