Platform
apache
Component
apache-cloudstack
Fixed in
4.19.3.0
4.20.1.0
CVE-2025-47849 describes a privilege escalation vulnerability affecting Apache CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin user within the ROOT domain can exploit this flaw to obtain API keys belonging to Admin role user-accounts. This allows the attacker to assume control of higher-privileged accounts, potentially leading to significant data compromise and disruption of services. The vulnerability is resolved in version 4.20.1.0.
This vulnerability allows a malicious Domain Admin user to escalate their privileges within the CloudStack environment. By obtaining the API keys of Admin role user-accounts, the attacker can effectively impersonate these accounts and access sensitive APIs and resources. This could lead to unauthorized modification or deletion of virtual machines, storage volumes, and network configurations. The potential impact extends to data exfiltration, denial of service attacks, and complete compromise of the CloudStack infrastructure. The ability to assume Admin privileges significantly broadens the attacker's blast radius, potentially affecting all resources managed within the domain.
CVE-2025-47849 was publicly disclosed on 2025-06-10. Currently, there are no publicly available proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog as of this date. The potential for exploitation is considered medium due to the relatively straightforward nature of the attack and the potential for significant impact.
Organizations utilizing Apache CloudStack in production environments, particularly those with complex domain hierarchies and a large number of administrative accounts, are at risk. Shared hosting environments where multiple customers share a CloudStack instance are also vulnerable, as a compromised Domain Admin account could potentially impact other tenants.
• apache: Examine CloudStack audit logs for unusual API key access patterns or attempts to impersonate Admin users.
  journalctl -u cloudstack-management -f | grep "API key" | grep "Admin"
• apache: Monitor CloudStack API endpoints for unauthorized access attempts.
  curl -I https://<cloudstack_management_server>/api/cloudstack/ | grep -i "403 forbidden"
• generic web: Review CloudStack access logs for suspicious activity originating from the ROOT domain.
  grep "Domain Admin" /var/log/apache2/access.log
Disclosure
Exploit status
EPSS
0.09% (25th percentile)
The primary mitigation for CVE-2025-47849 is to upgrade Apache CloudStack to version 4.20.1.0 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing stricter access controls and monitoring API key usage. Implement multi-factor authentication (MFA) for all administrative accounts to add an extra layer of security. Review CloudStack configuration to ensure the principle of least privilege is enforced, limiting Domain Admin access to only necessary resources. After upgrade, confirm the fix by attempting to access Admin APIs with a Domain Admin account and verifying that access is denied.
Upgrade Apache CloudStack to version 4.19.3.0 or 4.20.1.0. These versions add strict validation of the role-type hierarchy and of API privilege comparisons, as well as new domain-level settings that restrict operations on accounts of the same role type and within the same account.
CVE-2025-47849 is a vulnerability in Apache CloudStack versions 4.10.0.0–4.20.0.0 that allows a malicious Domain Admin to escalate privileges by obtaining Admin API keys, potentially leading to data compromise and denial of service.
If you are running Apache CloudStack versions 4.10.0.0 through 4.20.0.0, you are potentially affected by this vulnerability. Upgrade to 4.20.1.0 or later to mitigate the risk.
The recommended fix is to upgrade Apache CloudStack to version 4.20.1.0 or later. Consider implementing stricter access controls and MFA as interim measures.
As of the current date, there are no confirmed reports of active exploitation of CVE-2025-47849, but the potential for exploitation exists.
Refer to the official Apache CloudStack security advisory for detailed information and updates regarding CVE-2025-47849: [https://lists.cloudstack.apache.org/gmane/list/security/spamsg/176061/1](https://lists.cloudstack.apache.org/gmane/list/security/spamsg/176061/1)