CVE-2025-66467

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys. Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/09/4	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:cloudstack::::::::
	cpe:2.3:a:apache:cloudstack::::::::

History

11 May 2026, 12:57

Type	Values Removed	Values Added
First Time		Apache Apache cloudstack
CPE		cpe:2.3:a:apache:cloudstack::::::::
References	~~() https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm -~~	() https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2026/05/09/4 -~~	() http://www.openwall.com/lists/oss-security/2026/05/09/4 - Mailing List, Third Party Advisory

09 May 2026, 07:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2026/05/09/4 -

08 May 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-08 13:16

Updated : 2026-05-11 12:57

NVD link : CVE-2025-66467

Mitre link : CVE-2025-66467

CVE.ORG link : CVE-2025-66467

JSON object : View

Products Affected

apache

cloudstack

CWE

CWE-459

Incomplete Cleanup

{"id": "CVE-2025-66467", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-05-08T13:16:35.720", "references": [{"url": "https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2026/05/09/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-459"}]}], "descriptions": [{"lang": "en", "value": "Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys.\n\nUsers are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue."}], "lastModified": "2026-05-11T12:57:20.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4510E55-3BB6-449E-B53C-62AF46245DF5", "versionEndExcluding": "4.20.3.0", "versionStartIncluding": "4.19.0.0"}, {"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78690ED1-C4B3-4DC9-9B53-FB31D6D17125", "versionEndExcluding": "4.22.0.1", "versionStartIncluding": "4.21.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}