Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-47713
CVE-2025-47713:
Apache CloudStack vulnerability analysis and mitigation
Overview
A privilege escalation vulnerability (CVE-2025-47713) was discovered in Apache CloudStack versions 4.10.0.0 through 4.20.0.0, disclosed on June 10, 2025. The vulnerability affects the user account management functionality where malicious Domain Admin users in the ROOT domain could reset passwords of Admin role type accounts. This operation was not appropriately restricted, allowing attackers to bypass role-based access controls and modify credentials of higher-privileged Admin accounts (CloudStack Blog, NVD).
Technical details
The vulnerability stems from improper privilege management in the password reset functionality, allowing Domain Admin users to bypass role-based access controls. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility with low attack complexity (CISA-ADP, Wiz).
Impact
The exploitation of this vulnerability allows attackers to assume control over higher-privileged Admin accounts, leading to unauthorized access to sensitive APIs and resources. This can result in compromise of resource integrity and confidentiality, data loss, denial of service, and potential disruption of infrastructure availability managed by CloudStack (CloudStack Blog, Cyber Security News).
Mitigation and workarounds
Apache CloudStack has released versions 4.19.3.0 and 4.20.1.0 to address this vulnerability. The fixes include strict validation on Role Type hierarchy ensuring the caller's user-account role must be equal to or higher than the target user-account's role, and API privilege comparison requiring the caller to possess all privileges of the user they are operating on. Additionally, two new domain-level settings have been introduced: 'role.types.allowed.for.operations.on.accounts.of.same.role.type' (default: 'Admin, DomainAdmin, ResourceAdmin') and 'allow.operations.on.users.in.same.account' (default: true) (CloudStack Blog).
Community reactions
The vulnerability has garnered significant attention in the cybersecurity community, with multiple security firms and researchers highlighting its critical nature. The Apache CloudStack project responded promptly by releasing security patches, and the broader cloud security community has emphasized the importance of proper privilege management in cloud infrastructure (GBHackers).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management