โ† Back to Dashboard

CVE-2025-66172

MEDIUM NVD
CVSS Score
6.5
Severity
MEDIUM
Source
NVD
Published
May 08, 2026
Description

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and attach the volume to their own VMs. Backup plugin users using CloudStack 4.21.0.0+ are recommended to upgrade to CloudStack version 4.22.0.1, which fixes this issue.

View Full Details โ† Back