โ† Back to Dashboard

CVE-2025-66171

MEDIUM NVD
CVSS Score
6.5
Severity
MEDIUM
Source
NVD
Published
May 08, 2026
Description

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the environment. Backup plugin users using CloudStack 4.21.0.0+ are recommended to upgrade to CloudStack version 4.22.0.1, which fixes this issue.

View Full Details โ† Back