CVE-2025-22829
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-25
Assigner: Apache Software Foundation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | cloudstack | 4.20.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the CloudStack Quota plugin version 4.20.0.0 involves improper privilege management. Authenticated users with access to specific APIs can enable or disable quota-related email notifications for any account in the environment and can also list quota configurations, actions they should not normally be authorized to perform.
How can this vulnerability impact me?
The vulnerability allows authenticated users to manipulate quota-related email notifications and view quota configurations for any account, potentially leading to unauthorized information disclosure and disruption of quota notification processes within the CloudStack environment.
What immediate steps should I take to mitigate this vulnerability?
Upgrade CloudStack from version 4.20.0.0 to version 4.20.1.0, which contains the fix for this vulnerability.