CVE-2024-6174: 
Alma Linux vulnerability analysis and mitigation

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. This vulnerability (CVE-2024-6174) affects cloud-init across multiple Linux distributions including Ubuntu, Debian, and Red Hat. The issue was discovered and disclosed in June 2025. To prevent exploitation, cloud-init default configurations disable platform enumeration (NVD, Ubuntu).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (High) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited from an adjacent network, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability. The vulnerability has been classified under CWE-287 (Improper Authentication) (NVD, Wiz).

The vulnerability poses significant security risks as it allows root access through a hardcoded URL with a local IP address on non-x86 platforms. This could potentially lead to unauthorized system access and privilege escalation, affecting the overall security posture of the system (Wiz).

The vulnerability has been addressed in cloud-init version 25.1.3. As a primary mitigation, cloud-init default configurations disable platform enumeration to prevent exploitation. Organizations are advised to update to the fixed version or ensure platform enumeration is disabled in their configurations (Cloud Init Release).