Critical Apache CloudStack Vulnerabilities Allow Unauthorized Privileged Actions

The Apache CloudStack project has released critical security updates addressing five significant vulnerabilities that could allow attackers to perform privileged actions and compromise cloud infrastructure.

The LTS releases 4.19.3.0 and 4.20.1.0 patch vulnerabilities ranging from critical to low severity; two are rated critical because they can lead to complete system compromise.

The most severe vulnerability, CVE-2025-26521, affects CloudStack’s Container Kubernetes Service (CKS) implementation and has been assigned a critical severity rating.

This vulnerability exposes API keys and secret keys of ‘kubeadmin’ users when CKS-based Kubernetes clusters are created within projects.

According to the security advisory, when a user creates a Kubernetes cluster in a project, their API credentials become accessible to any project member who can access the cluster.

The vulnerability enables attackers to impersonate cluster creators and perform privileged operations that could result in complete compromise of confidentiality, integrity, and availability of resources owned by the creator’s account.

To address existing deployments, CloudStack recommends creating dedicated service accounts for each project using the “Project Kubernetes Service Role” and updating cluster secrets with new credentials.


A second critical vulnerability, CVE-2025-47713, allows malicious Domain Administrators in the ROOT domain to reset passwords of Admin role accounts, effectively enabling privilege escalation attacks.

This vulnerability affects CloudStack versions 4.10.0.0 through 4.20.0.0 and stems from inadequate access controls that fail to properly validate role hierarchies.

Complementing this issue, CVE-2025-47849 permits Domain Administrators to extract API keys and secret keys from Admin accounts within the same domain.

Both vulnerabilities enable attackers to impersonate higher-privileged users and access sensitive APIs that could compromise infrastructure integrity and availability.

Additionally, CVE-2025-30675 affects access control in the listTemplates and listIsos APIs, allowing Domain Administrators and Resource Administrators to gain unauthorized visibility into templates and ISOs under the ROOT domain by manipulating the ‘domainid’ parameter.

The Quota plugin is also affected by CVE-2025-22829, which permits any authenticated user to modify quota email settings for arbitrary accounts when the plugin is enabled.

Enhanced Security Controls

The security updates introduce comprehensive fixes including strict role type hierarchy validation and enhanced API privilege comparisons.

The patches ensure that users can only operate on accounts with equal or lower privilege levels and implement two new domain-level settings to control inter-account operations.
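The two checks described above, a role-type hierarchy comparison and a domain-scope check, can be illustrated with a small model. The following is an added example written for this article; it is not CloudStack's code. It assumes CloudStack's four role types (Admin, ResourceAdmin, DomainAdmin, User) in descending privilege order, represents domains by their path rather than by a domain ID, and uses a constructed template list. It shows why a ROOT-domain Domain Administrator must not be allowed to act on an Admin account (the CVE-2025-47713 scenario) and why a child-domain administrator must not be able to list ROOT-domain templates by supplying a foreign domain (the CVE-2025-30675 scenario).

```python
"""Simplified model of two authorization checks: operate only on accounts of
equal or lower privilege, and only within the caller's own domain subtree.
Constructed example; the role ranking and domain paths are assumptions."""
from dataclasses import dataclass

# Assumed privilege ordering of CloudStack role types (higher = more privilege).
ROLE_RANK = {"Admin": 3, "ResourceAdmin": 2, "DomainAdmin": 1, "User": 0}


@dataclass(frozen=True)
class Account:
    name: str
    role_type: str
    domain_path: str  # "/" for ROOT, "/sales/" for a child domain (assumed layout)


def _normalize(path: str) -> str:
    """Canonical domain path with leading and trailing slash, so a prefix
    test cannot confuse '/sales/' with '/salesforce/'."""
    path = "/" + path.strip("/")
    return path if path.endswith("/") else path + "/"


def is_domain_in_scope(caller: Account, domain_path: str) -> bool:
    """A caller may see its own domain and descendants only. The Admin role
    is global; everyone else is confined to their subtree, so a child-domain
    caller never reaches ROOT ("/") resources whatever domain they request."""
    if caller.role_type == "Admin":
        return True
    return _normalize(domain_path).startswith(_normalize(caller.domain_path))


def can_operate_on(caller: Account, target: Account) -> bool:
    """Allow account-level operations (password reset, key retrieval, quota
    settings) only if the target's role is of equal or lower privilege AND the
    target lives inside the caller's domain scope."""
    if ROLE_RANK[caller.role_type] < ROLE_RANK[target.role_type]:
        return False
    return is_domain_in_scope(caller, target.domain_path)


# Constructed sample template inventory, one entry per domain.
TEMPLATES = [
    {"name": "root-base-image", "domain_path": "/"},
    {"name": "sales-image", "domain_path": "/sales/"},
    {"name": "sales-eu-image", "domain_path": "/sales/eu/"},
    {"name": "salesforce-image", "domain_path": "/salesforce/"},
]


def list_templates(caller: Account, requested_domain: str, templates=TEMPLATES):
    """Model of a listTemplates-style call: the caller-supplied domain is
    validated against the caller's scope before any filtering happens."""
    if not is_domain_in_scope(caller, requested_domain):
        raise PermissionError(f"{caller.name} may not list domain {requested_domain}")
    wanted = _normalize(requested_domain)
    return [t["name"] for t in templates if _normalize(t["domain_path"]).startswith(wanted)]


if __name__ == "__main__":
    root_admin = Account("admin", "Admin", "/")
    root_domain_admin = Account("dadmin", "DomainAdmin", "/")
    sales_admin = Account("salesadmin", "DomainAdmin", "/sales/")
    print("DomainAdmin in ROOT may reset Admin password:", can_operate_on(root_domain_admin, root_admin))
    print("Admin may act on DomainAdmin:", can_operate_on(root_admin, root_domain_admin))
    print("Sales admin listing '/sales/':", list_templates(sales_admin, "/sales/"))
    try:
        list_templates(sales_admin, "/")
    except PermissionError as exc:
        print("Denied:", exc)
```

The important detail is the order of checks: the requested domain is validated against the caller's scope first, and the role comparison is strict, so a caller can never reach a target that is either more privileged or outside its subtree, regardless of which domain value it supplies.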

CloudStack strongly recommends upgrading to versions 4.19.3.0 or 4.20.1.0, with users on older versions advised to skip 4.20.0.0 entirely and upgrade directly to 4.20.1.0.

The vulnerabilities were discovered by security researchers including Wei Zhou, Bernardo De Marco Gonçalves, Scott Schmitz, Kevin from Apple, and Fabricio Duarte.

Organizations using Apache CloudStack should prioritize these updates immediately, particularly those utilizing CKS clusters or operating with Domain Administrator roles, as the critical vulnerabilities could lead to complete infrastructure compromise.
