Privilege Escalation Vulnerability in Apache CloudStack Exploitable by a Malicious Domain Admin User
CVE-2025-47713

8.8 HIGH

Key Information:

Vendor:
Apache

CVE Published:
10 June 2025

What is CVE-2025-47713?

A privilege escalation vulnerability in the affected versions of Apache CloudStack allows a malicious Domain Admin user in the ROOT domain to reset the passwords of user accounts that hold the Admin role. The affected versions do not adequately validate the roles of the calling account and the target account on this path, so the attacker can log in as the higher-privileged account and reach APIs and resources reserved for administrators. The result can be loss of confidentiality, compromise of resource integrity and potential service outages. Operators should upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which add validation of user account roles and introduce settings that restrict operations between accounts of different role types.

Affected Version(s)

Apache CloudStack from 4.10.0, before 4.19.3.0

Apache CloudStack from 4.20.0.0, before 4.20.1.0
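To turn the version ranges above and the attacker/target roles from the description into something an operator can run, here is an added Python example; it is not code from the Apache CloudStack project or from this advisory. It assumes CloudStack's documented key-based API signing (parameters sorted by name, query string lower-cased, HMAC-SHA1 with the secret key, base64, appended as signature), that parameter names are accepted case-insensitively (so apikey is used), and that listAccounts returns roletype and domain fields per account. The account names, keys and the listAccounts response are constructed for the example.

```python
"""Triage helpers for CVE-2025-47713 (added example; not Apache CloudStack code)."""
import base64
import hashlib
import hmac
import json
import urllib.parse

# Affected ranges as stated in the advisory:
#   4.10.0 <= version < 4.19.3.0  and  4.20.0.0 <= version < 4.20.1.0
AFFECTED_RANGES = [
    ((4, 10, 0), (4, 19, 3, 0)),
    ((4, 20, 0, 0), (4, 20, 1, 0)),
]


def parse_version(version):
    """'4.19.2.0' -> (4, 19, 2, 0). A '-SNAPSHOT' style suffix is ignored."""
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(version):
    """True when the given CloudStack version falls inside an affected range."""
    parsed = parse_version(version)
    return any(low <= parsed < high for low, high in AFFECTED_RANGES)


def sign_request(params, api_key, secret_key):
    """Build a signed CloudStack API query string.

    Assumed scheme (CloudStack's key-based signing): add apikey, sort
    parameters by name, URL-encode values, HMAC-SHA1 the lower-cased query
    string with the secret key, base64 the digest, append it as 'signature'.
    """
    full = dict(params, apikey=api_key, response="json")
    query = "&".join(
        f"{name}={urllib.parse.quote(str(value), safe='*')}"
        for name, value in sorted(full.items())
    )
    digest = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1).digest()
    signature = base64.b64encode(digest).decode()
    return f"{query}&signature={urllib.parse.quote(signature, safe='')}"


def find_exposed_principals(list_accounts_json):
    """Split a listAccounts response into attackers and targets for this CVE.

    Returns (domain_admins_in_root, admin_accounts): the first list holds the
    accounts that could abuse the flaw on an unpatched system, the second the
    accounts whose passwords they could reset. Field names are assumed.
    """
    accounts = json.loads(list_accounts_json)["listaccountsresponse"].get("account", [])
    attackers = [a["name"] for a in accounts
                 if a.get("roletype") == "DomainAdmin" and a.get("domain") == "ROOT"]
    targets = [a["name"] for a in accounts if a.get("roletype") == "Admin"]
    return attackers, targets


# Constructed sample response: field names follow listAccounts, values are made up.
SAMPLE_LIST_ACCOUNTS = json.dumps({
    "listaccountsresponse": {
        "count": 4,
        "account": [
            {"name": "admin", "domain": "ROOT", "roletype": "Admin"},
            {"name": "ops-domadmin", "domain": "ROOT", "roletype": "DomainAdmin"},
            {"name": "tenant-domadmin", "domain": "tenant-a", "roletype": "DomainAdmin"},
            {"name": "alice", "domain": "ROOT", "roletype": "User"},
        ],
    }
})


def triage(version, list_accounts_json):
    """One-shot summary: is this build affected, who could exploit it, who is at risk."""
    attackers, targets = find_exposed_principals(list_accounts_json)
    return {
        "affected": is_affected(version),
        "root_domain_admins": attackers,
        "admin_targets": targets,
    }


if __name__ == "__main__":
    print(triage("4.19.2.0", SAMPLE_LIST_ACCOUNTS))
    # The query an operator would sign to pull the real account list (placeholder keys).
    print(sign_request({"command": "listAccounts", "listall": "true"}, "APIKEY", "SECRET"))
```

Note that only Domain Admins in the ROOT domain are listed as potential attackers, matching the advisory; a Domain Admin of a sub-domain (tenant-domadmin above) is not in scope for this CVE. After upgrading, re-run is_affected against the reported version to confirm the fix is in place.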

CVSS v3.1

Score: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability published: 10 June 2025
