CVE Catalog

CVE-2026-25199

Critical
Published: Translated: NVD NIST

Summary

The Proxmox extension for Apache CloudStack allows unauthorized access to instances belonging to other tenants. The issue arises from improper use of an instance setting, enabling attackers to modify and gain control over virtual machines of other users.

Risk Assessment

The organization is at risk of unauthorized access to virtual machines, which could lead to data loss or service disruption. Attackers can fully control the virtual machines, posing a serious security threat.

Recommendation

It is recommended to upgrade to version 4.22.0.1, which fixes this vulnerability. Alternatively, editing the proxmox_vmid setting by users can be prevented by adding this detail name to the global configuration parameter - user.vm.

Original NVD description (English source)

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmox_vmid, to associate CloudStack instances with Proxmox virtual machines. Because this value is not restricted or validated against tenant ownership and Proxmox VM IDs are predictable, a non-privileged attacker can modify the setting to reference a VM belonging to another account. This allows unauthorized cross-tenant access and enables full control over the targeted VM, including starting, stopping, and destroying the virtual machine. Users are recommended to upgrade to version 4.22.0.1, which fixes this issue. As a workaround for the existing installations, editing of the proxmox_vmid instance detail by users can be prevented by adding this detail name to the global configuration parameter - user.vm

Vulnerability data from NVD (NIST) · CISA KEV · EPSS