Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-47713
Analyzed
More InfoOfficial Page
Source-security@apache.org
View Known Exploited Vulnerability (KEV) details
Published At-10 Jun, 2025 | 23:15
Updated At-01 Jul, 2025 | 20:13

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following: * Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role. * API privilege comparison: the caller must possess all privileges of the user they are operating on. * Two new domain-level settings (restricted to the default Admin):  - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".    - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
The Apache Software Foundation
apache
>>cloudstack>>Versions from 4.10.0.0(inclusive) to 4.19.3.0(exclusive)
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>cloudstack>>Versions from 4.20.0.0(inclusive) to 4.20.1.0(exclusive)
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Secondarysecurity@apache.org
CWE ID: CWE-269
Type: Secondary
Source: security@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/security@apache.org
Vendor Advisory
https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60security@apache.org
Mailing List
Vendor Advisory
https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/security@apache.org
Broken Link
Hyperlink: https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/
Source: security@apache.org
Resource:
Vendor Advisory
Hyperlink: https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60
Source: security@apache.org
Resource:
Mailing List
Vendor Advisory
Hyperlink: https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/
Source: security@apache.org
Resource:
Broken Link
Change History
0Changes found
Details not found