What is CVE-2025-66467?

CVE-2025-66467 is a high-severity vulnerability in Apache CloudStack. It allows unauthorized access to previously owned buckets due to missing MinIO policy cleanup. Urgent remediation is recommended.

What is the severity of CVE-2025-66467?

CVE-2025-66467 has a severity rating of HIGH with a CVSS base score of 8.

CVE-2025-66467 | High Vulnerability in Apache CloudStack

CVE-2025-66467 is a high-severity vulnerability affecting Apache CloudStack. This vulnerability allows users to retain access to buckets they previously owned without proper cleanup of MinIO policies during bucket deletion. As a result, if another user creates a new bucket with the same name, the previous owners may gain unauthorized read and write access to it by using their previously generated access and secret keys. The severity of this vulnerability is underscored by a CVSS score of 8, indicating a high impact risk to affected systems.

Organizations using Apache CloudStack should prioritize patching this vulnerability immediately. The potential for unauthorized access can lead to significant data breaches and compromise sensitive information. Users are advised to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which addresses this critical security flaw.

The vulnerability was published on May 8, 2026, and has been analyzed, indicating that the security community is aware and monitoring it. Given the current threat landscape, organizations utilizing Apache CloudStack must remain vigilant regarding this and similar vulnerabilities.

Failure to remediate this vulnerability could result in unauthorized access to sensitive data, increasing the risk to organizations. Thus, organizations should take immediate action to secure their systems.

Vulnerability Details

The vulnerability is categorized under CWE-459, which pertains to the failure to clean up sensitive data on deletion. The CVSS score of 8 indicates a high severity level, with the primary attack vector being network-based, and a low requirement for privileges and user interaction. The potential impacts on confidentiality, integrity, and availability are all rated as high.

Technical Analysis

The root cause of this vulnerability lies in the lack of proper cleanup of MinIO policies when buckets are deleted in Apache CloudStack. This flaw allows users who previously owned a bucket to retain access to it if a new bucket with the same name is created. The attack vector is network-based, and the complexity is rated as high, requiring low privileges and user interaction.

Users must be cautious as the vulnerability can lead to unauthorized access to sensitive data stored in these buckets, significantly increasing the risk of data breaches.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive data, which can lead to severe data breaches and reputational damage. The blast radius for this vulnerability is significant, as it affects all users of Apache CloudStack who may have previously owned buckets. Given the CVSS score and the current threat landscape, organizations should address this vulnerability in their priority patch cycle.

Organizations must prioritize remediation efforts immediately, as the potential exploitation of this vulnerability could have serious implications for data security.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Apache CloudStack versions 4.19.0.0 through 4.20.2.999 and versions 4.21.0.0 through 4.22.0.0 are affected by this vulnerability. Users should upgrade to versions 4.20.3.0 or 4.22.0.1, or later, to mitigate this risk.

Mitigation & Remediation

To mitigate this vulnerability, organizations should upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later. If an immediate upgrade is not possible, organizations should implement additional security measures such as restricting access to sensitive buckets and monitoring for unauthorized access attempts. Continuous security testing and regular audits can also help maintain the security posture.

Detection Guidance

Organizations should monitor logs for indicators of unauthorized access attempts to buckets. Behavioral anomalies, such as unusual access patterns or attempts to access deleted buckets, should be investigated. Implementing alerts for such activities can help in early detection and response.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-66467 lies in its representation of the risks associated with insufficient data cleanup during deletion processes. It highlights the need for stringent policies regarding data management and access controls within cloud infrastructure. Security teams should learn from this vulnerability and ensure that their systems are designed to prevent unauthorized access following data deletion.

Organizations should consider adopting a comprehensive security framework to address similar vulnerabilities and mitigate risks effectively. For further insights into strengthening security protocols, organizations may refer to resources on continuous penetration testing and other best practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-66467: High Vulnerability in Apache CloudStack