CVE-2025-59454 | Apache CloudStack up to 4.20.1/4.21.x API permission

A vulnerability was found in Apache CloudStack up to 4.20.1/4.21.x. It has been classified as critical. Affected is the function createNetworkACL/listNetworkACLs/listResourceDetails/listVirtualMachinesUsageHistory/listVolumesUsageHistory of the component API. The manipulation leads to permission issues.

This vulnerability is referenced as CVE-2025-59454. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More