Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-26521— Apache CloudStack: CKS cluster in project exposes user API keys

EPSS 0.25% · P48
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-26521

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache CloudStack: CKS cluster in project exposes user API keys
Source: NVD (National Vulnerability Database)
Vulnerability Description
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the 'kubeadmin' user of the CKS cluster's creator's account. An attacker who's a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator's account. CKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.Updating Existing Kubernetes Clusters in ProjectsA service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:1. Create a New Service AccountCreate a new account using the role "Project Kubernetes Service Role" with the following details: Account Name kubeadmin-<FIRST_EIGHT_CHARACTERS_OF_PROJECT_ID> First Name Kubernetes Last Name Service User Account Type 0 (Normal User) Role ID <ID_OF_SERVICE_ROLE> 2. Add the Service Account to the ProjectAdd this account to the project where the Kubernetes cluster(s) are hosted. 3. Generate API and Secret KeysGenerate API Key and Secret Key for the default user of this account. 4. Update the CloudStack Secret in the Kubernetes ClusterCreate a temporary file `/tmp/cloud-config` with the following data:    api-url = <API_URL>     # For example: <MS_URL>/client/api   api-key = <SERVICE_USER_API_KEY>   secret-key = <SERVICE_USER_SECRET_KEY>   project-id = <PROJECT_ID> Delete the existing secret using kubectl and Kubernetes cluster config:    ./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret Create a new secret using kubectl and Kubernetes cluster config:     ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config Remove the temporary file:     rm /tmp/cloud-config5. Regenerate API and Secret KeysRegenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache CloudStack 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache CloudStack是美国阿帕奇(Apache)基金会的一套基础架构即服务(IaaS)云计算平台。该平台主要用于部署和管理大型虚拟机网络。 Apache CloudStack存在信息泄露漏洞,该漏洞源于API密钥和密钥暴露,可能导致权限提升和数据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache CloudStack 4.17.0.0 ~ 4.19.3.0 -

II. Public POCs for CVE-2025-26521

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-26521

登录查看更多情报信息。

Same Patch Batch · Apache Software Foundation · 2025-06-10 · 8 CVEs total

CVE-2025-306754.7 MEDIUMApache CloudStack: Unauthorised template/ISO list access to the domain/resource admins
CVE-2025-27818Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
CVE-2025-27819Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configur
CVE-2025-27817Apache Kafka Client: Arbitrary file read and SSRF vulnerability
CVE-2025-47713Apache CloudStack: Domain Admin can reset Admin password in Root Domain
CVE-2025-47849Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain
CVE-2025-22829Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin

IV. Related Vulnerabilities

Same product: Apache CloudStack
Same vendor: Apache Software Foundation
Same weakness: CWE-200

V. Comments for CVE-2025-26521

No comments yet

Leave a comment