CVE-2025-47713

CWE-269Improper Privilege Management5 documents5 sources
Severity
8.8HIGH
EPSS
0.2%
top 54.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache CloudstackApache Cloudstack
Timeline
PublishedJun 10
Latest updateJun 11

Description

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDapache/cloudstack4.10.0.04.19.3.0+1
CVEListV5apache_software_foundation/apache_cloudstack4.10.04.19.3.0+1

🔴Vulnerability Details

2
GHSA
GHSA-qmmh-h9p5-p2f7: A privilege escalation vulnerability exists in Apache CloudStack versions 42025-06-11
CVEList
Apache CloudStack: Domain Admin can reset Admin password in Root Domain2025-06-10

📋Vendor Advisories

1
Microsoft
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()2024-10-08
CVE-2025-47713 (HIGH CVSS 8.8) | A privilege escalation vulnerabilit | cvebase.io