CVE-2025-47713
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-10

Last updated on: 2025-07-01

Assigner: Apache Software Foundation

Description
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts.Β A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources thatΒ could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following: * Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role. * API privilege comparison: the caller must possess all privileges of the user they are operating on. * Two new domain-level settings (restricted to the default Admin):  - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin". Β  Β - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-10
Last Modified
2025-07-01
Generated
2026-05-06
AI Q&A
2025-06-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-47713
EUVD
EUVD-2025-18067
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
apache cloudstack From 4.10.0.0 (inc) to 4.19.3.0 (exc)
apache cloudstack From 4.20.0.0 (inc) to 4.20.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a privilege escalation issue in Apache CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin user in the ROOT domain can reset the passwords of user accounts with the Admin role type without proper restrictions. This allows the attacker to take control of higher-privileged user accounts, impersonate Admin users, and gain access to sensitive APIs and resources.


How can this vulnerability impact me? :

The vulnerability can lead to an attacker gaining unauthorized control over high-privilege user accounts, which may result in compromise of resource integrity and confidentiality, data loss, denial of service, and disruption of the availability of infrastructure managed by CloudStack.


What immediate steps should I take to mitigate this vulnerability?

Users are recommended to upgrade Apache CloudStack to version 4.19.3.0 or 4.20.1.0, which include fixes such as strict validation on Role Type hierarchy, API privilege comparison, and new domain-level settings to restrict operations on accounts of the same role type. These steps mitigate the privilege escalation vulnerability by ensuring that only authorized users can reset passwords or perform operations on higher-privileged accounts.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart