Access Control Flaw in Apache CloudStack Enables Unauthorized Template Visibility
CVE-2025-30675
What is CVE-2025-30675?
In Apache CloudStack, the listTemplates and listIsos APIs contain an access control flaw. A malicious Domain Admin or Resource Admin can exploit it by specifying 'domainid' together with 'filter=self' or 'filter=selfexecutable'. This gives the attacker unauthorized access to the metadata of templates and ISOs associated with other domains, undermining the intended isolation between domains, and sensitive configuration details may be exposed as a result. Updates have been released that close this gap by enforcing domain resolution within the caller's scope, which prevents default access to the ROOT domain.
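The request pattern and scope rule described above can be checked over recorded API calls. The following is an added example, not CloudStack code: the domain ids, the record layout and the sample records are constructed, and it assumes each record carries the caller's domain, role type and API query string.

```python
from urllib.parse import parse_qs

# Constructed domain tree (hypothetical ids): domain -> parent, None marks ROOT.
PARENT = {"root": None, "d-a": "root", "d-a1": "d-a", "d-b": "root"}

COMMANDS = {"listtemplates", "listisos"}
FILTERS = {"self", "selfexecutable"}
# "filter" is the advisory's wording; templatefilter/isofilter are the API names.
FILTER_KEYS = ("templatefilter", "isofilter", "filter")
SCOPED_ROLES = {"DomainAdmin", "ResourceAdmin"}


def in_scope(caller_domain, target_domain, parent=PARENT):
    """True if target is the caller's domain or one of its descendants."""
    seen, node = set(), target_domain
    while node is not None and node not in seen:  # 'seen' guards against cycles
        if node == caller_domain:
            return True
        seen.add(node)
        node = parent.get(node)  # unknown domains end the walk: not in scope
    return False


def flag_request(caller_domain, role, query, parent=PARENT):
    """True if the call matches the advisory's pattern and leaves the caller's scope."""
    params = {k.lower(): v[0] for k, v in parse_qs(query).items()}
    if params.get("command", "").lower() not in COMMANDS or role not in SCOPED_ROLES:
        return False
    flt = next((params[k].lower() for k in FILTER_KEYS if k in params), None)
    if flt not in FILTERS or "domainid" not in params:
        return False
    return not in_scope(caller_domain, params["domainid"], parent)


# Constructed audit records: (caller domain, role, API query string).
SAMPLE = [
    ("d-a", "DomainAdmin", "command=listTemplates&templatefilter=self&domainid=d-b"),
    ("d-a", "DomainAdmin", "command=listTemplates&templatefilter=self&domainid=d-a1"),
    ("d-a", "ResourceAdmin", "command=listIsos&isofilter=selfexecutable&domainid=root"),
    ("d-a", "DomainAdmin", "command=listTemplates&templatefilter=featured&domainid=d-b"),
    ("d-a", "DomainAdmin", "command=listVirtualMachines&domainid=d-b"),
]


def flagged(records=SAMPLE):
    """Indexes of records that should be reviewed."""
    return [i for i, (dom, role, q) in enumerate(records) if flag_request(dom, role, q)]


if __name__ == "__main__":
    print(flagged())
```

On an unpatched version, a flagged record is a call whose response should be reviewed for metadata from other domains.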
Affected Version(s)
Apache CloudStack 4.0.0 < 4.19.3.0
Apache CloudStack 4.20.0.0 < 4.20.1.0