CVE-2025-59454
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
27/11/2025
Last modified:
27/11/2025
Description
In Apache CloudStack, a gap in access control checks affected the APIs:
- createNetworkACL
- listNetworkACLs
- listResourceDetails
- listVirtualMachinesUsageHistory
- listVolumesUsageHistory

While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope.

Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue.



