CVE-2025-69233
Modified - Updated After Analysis
Race Condition in Apache CloudStack Allows Resource Exhaustion

Publication date: 2026-05-08

Last updated on: 2026-05-09

Assigner: Apache Software Foundation

Description
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the infrastructure's resources and lead to denial of service conditions. Users are recommended to upgrade to Apache CloudStack version 4.20.3.0 or 4.22.0.1, or later, which fix this issue.

Meta Information
Published: 2026-05-08
Last Modified: 2026-05-09
Generated: 2026-06-19
AI Q&A: 2026-05-08
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Vendor | Product | Version / Range
apache | cloudstack | From 4.21.0.0 (inclusive) to 4.22.0.1 (exclusive)
apache | cloudstack | From 4.0.0 (inclusive) to 4.20.3.0 (exclusive)
CWE
CWE ID | Description
CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Executive Summary

This vulnerability arises from multiple time-of-check time-of-use (TOCTOU) race conditions in the resource count check and increment logic, combined with missing validations. Because of these issues, users of the platform can exceed the allocation limits set for their accounts or domains.

Essentially, the system fails to properly enforce resource limits due to timing and validation flaws, allowing attackers to consume more resources than allowed.
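
The check-then-increment pattern described above, shown beside an atomic version, as an added example that is not Apache CloudStack code. The class and function names (RacyLimiter, AtomicLimiter, hammer, demo) are hypothetical, and a barrier is used to hold every request in the window between check and increment so the outcome is deterministic.

```python
import threading

class RacyLimiter:
    """Check and increment are each locked, but not as one step (CWE-367)."""
    def __init__(self, limit, window=lambda: None):
        self.limit, self.count = limit, 0
        self._lock = threading.Lock()
        self._window = window  # hypothetical hook: runs between check and use

    def reserve(self):
        with self._lock:
            allowed = self.count < self.limit  # time of check
        self._window()  # other requests run their own check here
        if allowed:
            with self._lock:
                self.count += 1  # time of use: the earlier check may be stale
        return allowed

class AtomicLimiter:
    """Check and increment happen under one lock, so the limit holds."""
    def __init__(self, limit):
        self.limit, self.count = limit, 0
        self._lock = threading.Lock()

    def reserve(self):
        with self._lock:
            if self.count >= self.limit:
                return False
            self.count += 1
            return True

def hammer(limiter, workers):
    """Fire `workers` concurrent reserve() calls; return (count, granted)."""
    start, granted = threading.Barrier(workers), []
    def worker():
        start.wait()
        granted.append(limiter.reserve())
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return limiter.count, sum(granted)

def demo(limit=2, workers=8):
    # Constructed scenario: the barrier keeps every request inside the window
    # until all of them have passed the check.
    window = threading.Barrier(workers)
    racy = hammer(RacyLimiter(limit, window.wait), workers)
    atomic = hammer(AtomicLimiter(limit), workers)
    return racy, atomic

if __name__ == "__main__":
    print(demo())
```

With a limit of 2 and 8 concurrent requests, the racy limiter ends with a count of 8 while the atomic one stops at 2.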

Impact Analysis

An attacker exploiting this vulnerability can degrade the infrastructure's resources by exceeding allocation limits, which can lead to denial of service (DoS) conditions.

This means legitimate users may experience service interruptions or degraded performance due to resource exhaustion caused by malicious users.

Mitigation Strategies

Users are recommended to upgrade to Apache CloudStack version 4.20.3.0 or 4.22.0.1, or later, which fix this issue.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
