Description
Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants.




This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0.




The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmox_vmid, to associate CloudStack instances with Proxmox virtual machines. Because this value is not restricted or validated against tenant ownership and Proxmox VM IDs are predictable, a non-privileged attacker can modify the setting to reference a VM belonging to another account. This allows unauthorized cross-tenant access and enables full control over the targeted VM, including starting, stopping, and destroying the virtual machine.




Users are recommended to upgrade to version 4.22.0.1, which fixes this issue.




As a workaround for the existing installations, editing of the proxmox_vmid instance detail by users can be prevented by adding this detail name to the global configuration parameter - user.vm.denied.details.
Published: 2026-05-08
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Instances deployed using the Proxmox extension are linked to Proxmox virtual machines through a user‑editable detail, proxmox_vmid. Because this value is neither restricted nor validated against tenant ownership, an attacker who can modify instance details can point their instance to another tenant’s virtual machine. That attacker then gains complete operational control over the targeted VM—starting, stopping, or destroying it—without needing higher privileges or cloud‑network access. The weakness is a confidentiality breach (CWE‑200).

Affected Systems

The vulnerability resides in the Proxmox extension for Apache CloudStack, affecting all releases from 4.21.0.0 up through 4.22.0.0. Any tenant using those versions with the Proxmox integration is susceptible.

Risk and Exploitability

The CVSS score is not disclosed, but the possibility of full VM takeover implies a severe risk. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is modification of the proxmox_vmid detail via CloudStack’s API or web console, which can be performed by a non‑privileged user on their own instance. Because Proxmox VM IDs are predictable and unchecked, an attacker can pivot across tenants, making exploitation realistic in an environment where tenant isolation is expected.

Generated by OpenCVE AI on May 8, 2026 at 15:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache CloudStack to version 4.22.0.1, which removes the unvalidated proxmox_vmid association.
  • Add the name proxmox_vmid to the global setting user.vm.denied.details to prevent users from editing this instance detail.
  • Limit editing of instance details to privileged administrators and enforce tenant ownership checks for the proxmox_vmid value.

Generated by OpenCVE AI on May 8, 2026 at 15:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache cloudstack
Vendors & Products Apache
Apache cloudstack

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Description Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmox_vmid, to associate CloudStack instances with Proxmox virtual machines. Because this value is not restricted or validated against tenant ownership and Proxmox VM IDs are predictable, a non-privileged attacker can modify the setting to reference a VM belonging to another account. This allows unauthorized cross-tenant access and enables full control over the targeted VM, including starting, stopping, and destroying the virtual machine. Users are recommended to upgrade to version 4.22.0.1, which fixes this issue. As a workaround for the existing installations, editing of the proxmox_vmid instance detail by users can be prevented by adding this detail name to the global configuration parameter - user.vm.denied.details.
Title Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access
Weaknesses CWE-200
References

Subscriptions

Apache Cloudstack
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-05-08T17:46:13.532Z

Reserved: 2026-01-30T04:45:03.322Z

Link: CVE-2026-25199

cve-icon Vulnrichment

Updated: 2026-05-08T17:24:21.520Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-08T13:16:36.273

Modified: 2026-05-08T18:16:33.333

Link: CVE-2026-25199

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T16:15:12Z

Weaknesses