CVE-2025-66171

Published: Mag 08, 2026 Last Modified: Mag 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the environment.

Backup plugin users using CloudStack 4.21.0.0+ are recommended to upgrade to CloudStack version 4.22.0.1, which fixes this issue.

359

Exposure of Private Personal Information to an Unauthorized Actor

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Mobile

View CWE Details

https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5…

https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm

CVE-2025-66171

Description

Exposure of Private Personal Information to an Unauthorized Actor

Common Consequences

Applicable Platforms

Iscriviti alla newsletter