CloudStack Quota Plugin Privilege Escalation 4.20.0.0
CVE-2025-22829 Published on June 10, 2025
Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin
The CloudStack Quota plugin has improper privilege management logic in version 4.20.0.0. In CloudStack 4.20.0.0 environments where this plugin is enabled, anyone with authenticated user-account access who also has access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations.
Users of the Quota plugin on CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2025-22829
Affected Versions
Apache Software Foundation Apache CloudStack: versions from 4.20.0.0 up to, but not including, 4.20.1.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.