Apache CloudStack — Vulnerabilities & Security Advisories (32)

All 32 CVE vulnerabilities found in Apache CloudStack, with AI-generated Chinese analysis, references, and POCs.

This page documents Common Weakness Enumerations associated with the Apache CloudStack software provided by the Apache Software Foundation. It aggregates known security flaws affecting this specific cloud infrastructure platform to provide a centralized view of its risk profile. The collection includes vulnerabilities such as remote code execution, privilege escalation, and information disclosure, covering reports published from 2010 through the present. By consolidating data from various advisory sources, this resource enables security professionals to track vendor notifications effectively. Users can monitor how the Apache Software Foundation addresses specific issues through its security announcements and understand the evolution of particular weakness classes over time. Additionally, the page allows for a detailed look up of a product's historical vulnerability landscape, helping teams assess their exposure based on previous patches and fixes. This structured approach facilitates better risk management decisions by highlighting trends in reported defects and providing context for individual security events. The information is strictly technical and intended for analysts, administrators, and developers who require accurate data to maintain the integrity and availability of their cloud environments. All entries are derived from publicly available security advisories and verified reports to ensure accuracy and relevance for ongoing security assessments.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25199 | Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access | CWE-200 | 10.0 (AI) | Critical (AI) | 2026-05-08 |
| CVE-2026-25077 | Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates | CWE-94 | 8.8 (AI) | High (AI) | 2026-05-08 |
| CVE-2025-69233 | Apache CloudStack: Domain/account resources limits not honored | CWE-367 | 6.5 | Medium | 2026-05-08 |
| CVE-2025-66467 | Apache CloudStack: MinIO policy remains intact on bucket deletion | CWE-459 | 8.0 | High | 2026-05-08 |
| CVE-2025-66172 | Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to | CWE-359 | 6.5 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2025-66171 | Apache CloudStack: Any user can create a new VM from backups they should not have access to | CWE-359 | 6.5 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2025-66170 | Apache CloudStack: Any user can list backups that they should not have access to | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2025-59302 | Apache CloudStack: Potential remote code execution on Javascript engine defined rules | CWE-94 | 7.2 | - | 2025-11-27 |
| CVE-2025-59454 | Apache CloudStack: Lack of user permission validation leading to data leak for few APIs | CWE-200 | 4.3 | - | 2025-11-27 |
| CVE-2025-30675 | Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins | CWE-200 | 4.7 | Medium | 2025-06-10 |
| CVE-2025-22829 | Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin | CWE-269 | 4.3 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-26521 | Apache CloudStack: CKS cluster in project exposes user API keys | CWE-200 | 7.5 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-47849 | Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain | CWE-269 | 7.2 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-47713 | Apache CloudStack: Domain Admin can reset Admin password in Root Domain | CWE-269 | 7.2 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-22828 | Apache CloudStack: Unauthorised access to annotations | CWE-200 | 4.2 | - | 2025-01-13 |
| CVE-2024-50386 | Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure | CWE-20 | 8.5 | High | 2024-11-12 |
| CVE-2024-45219 | Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure | CWE-20 | 8.5 | High | 2024-10-16 |
| CVE-2024-45462 | Apache CloudStack: Incomplete session invalidation on web interface logout | CWE-613 | 6.3 | Medium | 2024-10-16 |
| CVE-2024-45693 | Apache CloudStack: Request origin validation bypass makes account takeover possible | CWE-352 | 8.0 | High | 2024-10-16 |
| CVE-2024-42062 | Apache CloudStack: User Key Exposure to Domain Admins | CWE-863 | 7.2 (AI) | High (AI) | 2024-08-07 |
| CVE-2024-42222 | Apache CloudStack: Unauthorised Network List Access | CWE-200 | 4.3 (AI) | Medium (AI) | 2024-08-07 |
| CVE-2024-41107 | Apache CloudStack: SAML Signature Exclusion | CWE-290 | 9.8 | - | 2024-07-19 |
| CVE-2024-38346 | Apache CloudStack: Unauthenticated cluster service port leads to remote execution | CWE-94 | 10.0 | - | 2024-07-05 |
| CVE-2024-39864 | Apache CloudStack: Integration API service uses dynamic port when disabled | CWE-665 | 9.1 | - | 2024-07-05 |
| CVE-2024-29008 | Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance | CWE-20 | 9.6 | - | 2024-04-04 |
| CVE-2024-29007 | Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences | CWE-918 | 8.1 | - | 2024-04-04 |
| CVE-2024-29006 | Apache CloudStack: x-forwarded-for HTTP header parsed by default | CWE-290 | 8.1 | - | 2024-04-04 |
| CVE-2022-35741 | Apache CloudStack SAML Single Sign-On XXE | | 9.8 | - | 2022-07-18 |
| CVE-2022-26779 | Apache Cloudstack insecure random number generation affects project email invitation | | 8.8 | - | 2022-03-15 |
| CVE-2019-17562 | Apache CloudStack baremetal component input validation error vulnerability | | 9.8 | - | 2020-05-14 |

All 32 known CVE vulnerabilities affecting Apache CloudStack with full Chinese analysis, references, and POCs where available.