CVE-2025-69233
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the infrastructure's resources and lead to denial of service conditions.
Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue.
367
Time-of-check Time-of-use (TOCTOU) Race Condition
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Other
Non-Repudiation
Potential Impacts:
Alter Execution Logic
Unexpected State
Modify Application Data
Modify Files Or Directories
Modify Memory
Other
Hide Activities
Applicable Platforms
All platforms may be affected
770
Allocation of Resources Without Limits or Throttling
IncompleteCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Applicable Platforms
All platforms may be affected
Application
Cloudstack by Apache
Version Range Affected
From
4.21.0.0
(inclusive)
To
4.22.0.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Cloudstack by Apache
Version Range Affected
From
4.0.0
(inclusive)
To
4.20.3.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm