CVE-2026-25199
Unauthorized Cross-Tenant Access in Apache CloudStack Proxmox Extension
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: Apache Software Foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | cloudstack | From 4.21.0.0 (inc) to 4.22.0.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Proxmox extension for Apache CloudStack versions 4.21.0.0 through 4.22.0.0. The extension improperly uses a user-editable instance setting called proxmox_vmid to link CloudStack instances with Proxmox virtual machines.
Because the proxmox_vmid value is not restricted or validated against tenant ownership and Proxmox VM IDs are predictable, a non-privileged attacker can modify this setting to reference a virtual machine belonging to another tenant.
This allows unauthorized cross-tenant access, giving the attacker full control over the targeted virtual machine, including the ability to start, stop, and destroy it.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to virtual machines belonging to other tenants within the same CloudStack environment.
An attacker with non-privileged access can gain full control over another tenant's virtual machine, including starting, stopping, and destroying it.
This can result in data loss, service disruption, and potential compromise of sensitive information hosted on the affected virtual machines.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Apache CloudStack to version 4.22.0.1, which contains the fix.
As a workaround for installations that cannot upgrade yet, prevent users from editing the proxmox_vmid instance detail by adding that detail name to the global configuration parameter user.vm.denied.details. The parameter is a comma-separated list, so append proxmox_vmid to the existing value rather than replacing it, and read the setting back afterwards to confirm the change took effect. Denying the edit stops further abuse but does not revert instances whose proxmox_vmid has already been changed, so review existing instance details as part of the response.
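The following script is an added example of applying that workaround; it is not CloudStack project code. It assumes the CloudMonkey CLI (cmk) is installed and configured with an admin profile, that jq is available, and that `cmk -o json list configurations` returns the unwrapped API response as `{"configuration":[{"value":...,"isdynamic":...}]}`. The sample values in the comments are constructed, not CloudStack defaults. Set APPLY=1 to run it against a management server; without it the helper functions are defined but nothing is executed.

```sh
#!/bin/sh
# Added example (not CloudStack project code): append proxmox_vmid to the
# global setting user.vm.denied.details without clobbering the details an
# operator already denies, then verify the result by reading it back.
# Assumptions: cmk is configured with an admin profile, jq is installed, and
# cmk -o json unwraps the API response to {"configuration":[{...}]}.

SETTING="user.vm.denied.details"
DETAIL="proxmox_vmid"

# append_denied_detail CURRENT NEW
# Prints CURRENT with NEW appended as a new comma-separated token. Idempotent:
# if NEW is already a whole token, CURRENT is printed unchanged (spaces around
# commas are stripped first). An empty CURRENT yields just NEW.
# e.g. "rootdisksize, userdata" -> "rootdisksize,userdata,proxmox_vmid"
append_denied_detail() {
    _cur=$(printf '%s' "$1" | tr -d ' ')
    _new=$2
    if [ -z "$_cur" ]; then
        printf '%s\n' "$_new"
        return 0
    fi
    case ",$_cur," in
        *",$_new,"*) printf '%s\n' "$_cur" ;;
        *)           printf '%s,%s\n' "$_cur" "$_new" ;;
    esac
}

# has_denied_detail LIST NEW -> status 0 if NEW is a whole token of LIST.
# A whole-token match is required: a list containing only "proxmox_vmid_x"
# does not deny "proxmox_vmid".
has_denied_detail() {
    _list=$(printf '%s' "$1" | tr -d ' ')
    case ",$_list," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

apply_workaround() {
    # 1. Read the current value; never assume the default list.
    _json=$(cmk -o json list configurations name="$SETTING") || return 1
    _cur=$(printf '%s' "$_json" | jq -r '.configuration[0].value // ""')
    _dyn=$(printf '%s' "$_json" | jq -r '.configuration[0].isdynamic // false')

    # 2. Append proxmox_vmid and write the whole list back.
    _new=$(append_denied_detail "$_cur" "$DETAIL")
    cmk update configuration name="$SETTING" value="$_new" || return 1

    # 3. Verify by reading the setting again rather than trusting the update call.
    _after=$(cmk -o json list configurations name="$SETTING" \
             | jq -r '.configuration[0].value // ""')
    if ! has_denied_detail "$_after" "$DETAIL"; then
        echo "verification failed: $SETTING = '$_after'" >&2
        return 1
    fi
    # A non-dynamic setting only takes effect after a management server restart.
    if [ "$_dyn" != "true" ]; then
        echo "note: $SETTING is not dynamic; restart the management server" >&2
    fi
    echo "ok: $SETTING = $_after"
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_workaround
fi
```

The read-modify-write matters because `update configuration` replaces the whole value: setting it to just `proxmox_vmid` would silently re-enable every other detail the operator had denied.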
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized cross-tenant access to virtual machines, enabling attackers to control instances belonging to other tenants. Such unauthorized access to data and systems can lead to violations of data protection and privacy regulations like GDPR and HIPAA, which require strict access controls and tenant data isolation.
By permitting non-privileged users to access and control resources of other tenants, the vulnerability undermines confidentiality and integrity requirements mandated by these standards, potentially resulting in non-compliance and associated legal or regulatory consequences.